There is a weakness leading to ability to create "universal" signature without having a key. Also, it's possible to spoof content in case more than one key is allowed. It's also possible to deliberately create "weak" signature which will lead to private key compromise.