Since there isn't any way that you can be certain that your help system is always secure, an additional approach to security that might be useful is to make certain the anti-virus vendors are on board. If the documentation for how to read your storage system is readily available along with some encouragement from MS, the users with anti-virus software installed will have an additional layer of protection.
You could also implement a layer to go between the original HTML and whatever you are using to render the HTML. This layer would be responsible for looking at all links/script/java and not allowing anything through which goes outside of the root domain, or in the case of a local installation, anything outside of the folder the content is installed in. An exception method could be enabled via the registry for companies wanting to supply documentation that points to their website -- with the normal restriction to administrative privilege needed to modify the registry.
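The filtering layer suggested above, sketched as an added example that is not part of the original thread or of any shipped help viewer: it resolves every URL-bearing attribute against the page's location and reports references that leave the content folder or the root host. The names `is_allowed`, `blocked_references` and `extra_hosts` are hypothetical; `extra_hosts` stands in for the administrator-controlled registry exception list, and "root domain" is assumed to mean the exact host the page was served from.

```python
import posixpath
from html.parser import HTMLParser
from urllib.parse import unquote, urljoin, urlsplit

URL_ATTRS = {"href", "src", "action", "data", "codebase"}

def is_allowed(url, base, extra_hosts=frozenset()):
    """True if url, resolved against the page URL `base`, stays inside the content root."""
    try:
        root = urlsplit(base)
        # Windows renderers treat "\" as a path separator, so normalise it first.
        target = urlsplit(urljoin(base, url.strip().replace("\\", "/")))
    except ValueError:
        return False  # unparsable reference: fail closed
    if target.scheme == "file":
        # Local install: no remote/UNC host, and the path must stay under the content folder.
        if root.scheme != "file" or target.netloc not in ("", "localhost"):
            return False
        root_dir = posixpath.dirname(posixpath.normpath(unquote(root.path)))
        path = posixpath.normpath(unquote(target.path))  # also collapses encoded "%2e%2e"
        return path.startswith(root_dir.rstrip("/") + "/")
    if target.scheme in ("http", "https"):
        host = (target.hostname or "").lower()
        same_host = root.scheme in ("http", "https") and host == (root.hostname or "").lower()
        return same_host or host in extra_hosts
    return False  # javascript:, data: and every other scheme are rejected

class LinkAudit(HTMLParser):
    """Collects (tag, attribute, value) for every reference the filter would block."""
    def __init__(self, base, extra_hosts=frozenset()):
        super().__init__()
        self.base, self.extra_hosts, self.blocked = base, extra_hosts, []

    def handle_starttag(self, tag, attrs):  # also invoked for self-closing tags
        for name, value in attrs:
            if name in URL_ATTRS and value and not is_allowed(value, self.base, self.extra_hosts):
                self.blocked.append((tag, name, value))

def blocked_references(html, base, extra_hosts=frozenset()):
    audit = LinkAudit(base, extra_hosts)
    audit.feed(html)
    audit.close()
    return audit.blocked

# Constructed sample page and install location, for illustration only.
BASE = "file:///C:/Help/app/index.html"
SAMPLE = """<a href="topics/install.html">ok</a> <a href="#top">ok</a>
<a href="..\\..\\Windows\\win.ini">traversal</a>
<img src="%2e%2e/%2e%2e/secret.png">
<script src="//cdn.example.net/x.js"></script>
<a href="javascript:void(0)">script URL</a>
<a href="https://vendor.example/docs">vendor site</a>"""
```

The path comparison is case-sensitive, which is stricter than Windows file-system semantics and so fails closed.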
I agree with Ralph's thoughts.
You have excellent points.
IMHO we've generally moved away from requiring any kind of signing for locally installed content. I'm not sure why help would be different.
Ralph has very interesting thoughts.
Thanks for the suggestions, Ralph!