# Gavin Andresen # 2011-04-25 23:28:33 # https://bitcointalk.org/index.php?topic=6428.msg95410#msg95410

So: the danger isn't revealing private keys (I mis-remembered), the danger is a naive developer will see the signmessage RPC command, not realize that signing arbitrary data can be dangerous, and put up a web page that lets somebody enter arbitrary data to be signed with one of the developer's public keys.

This might just be a documentation issue, although if signmessage was changed to sign a hash of the passed-in message instead of the message itself then it would be completely safe.
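
An added illustration of the point made in the post above (not part of the original post and not Bitcoin's code): a toy ECDSA signer over secp256k1 showing that a service which signs caller-supplied bytes directly produces a signature that verifies over whatever digest the caller chose, while one that hashes the message first does not. The function names, the use of double SHA-256 as the hash, and the key and digest values are assumptions constructed for the demonstration.

```python
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime (the curve Bitcoin uses)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] ** 2, 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    m = num * pow(den % P, -1, P) % P
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add; toy code, not constant time
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def to_int(b):
    return int.from_bytes(b, "big") % N
def sha256d(b):  # assumption: double SHA-256 stands in for "a hash"
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def ecdsa_sign(d, z):  # nonce derived from (d, z) so the demo is repeatable
    k = to_int(hashlib.sha256(b"%064x%064x" % (d, z)).digest())
    r = mul(k, G)[0] % N
    return r, pow(k, -1, N) * (z + r * d) % N

def ecdsa_verify(Q, z, sig):
    w = pow(sig[1], -1, N)
    pt = add(mul(z * w % N, G), mul(sig[0] * w % N, Q))
    return pt is not None and pt[0] % N == sig[0]

def sign_raw(d, data):  # risky: the caller's bytes are used as the digest
    return ecdsa_sign(d, to_int(data))
def sign_hashed(d, message):  # the post's fix: sign a hash of the message
    return ecdsa_sign(d, to_int(sha256d(message)))

def demo():  # all inputs below are constructed
    d, tx = to_int(sha256d(b"demo key")), sha256d(b"stand-in transaction digest")
    Q, z = mul(d, G), to_int(tx)
    return ecdsa_verify(Q, z, sign_raw(d, tx)), ecdsa_verify(Q, z, sign_hashed(d, tx))
```

`demo()` returns `(True, False)`: the raw signer's output verifies over the submitted digest, the hashing signer's output does not.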