On Blind vs. Validating Signers:

If you have access to a signer that blindly signs everything, it's as good as if you had access to the private key itself, even though the private key never leaves the signer!

That's why a signer needs to validate -- either by the user, or by algorithm.