Bitcoin has a separate schema for signing textual messages with a special magic prefix ('\x18Bitcoin Signed Message:\n'), which would prevent such an attack.

Edit: here's a JavaScript implementation I wrote that does that, if anyone is interested in details: https://github.com/cryptocoinjs/coinmsg/blob/d2cb985dd9994f1...

> Very bad idea to sign everything that comes your way, kind of like `eval` on text input.

Nowhere did he suggest this.

Others said it in the replies. And any implementation that tries to check the message opens up another avenue of attack.