Someone pointed out that signing a message wouldn't actually solve the all the issues
Simon raised. It would stop someone from tampering with a message, but it wouldn't
stop someone from replaying a message. You need to take additional steps to protect
against that as noted on this
thread at Sam Ruby's blog.
However, the real point I was trying to make on behalf of the developers at Microsoft.com
who built this prototype service, is that security wasn't really their goal.