It's not cryptographic doom principle, as they don't decrypt before verifying signature, they just parse. It's still kinda sorta bad, but in a different way.