Tampering with signed binaries sounds pretty serious

It depends on how they're signed. A signature format that works on individual objects inside of an archive, rather than on a whole signed archive, seems crazy. In this case, it's a JAR file loader; doesn't seem like that big a deal?

	▲	layer8 3 days ago \| parent [-]
		If you want to have the archive contain the signature, you can’t sign the whole archive. Signed documents (docx, odf) work that way.