Without a hash of the signature, there is no way to verify that a block chain was constructed with signatures, i.e. a 51% attack could steal coins. I presume BBR avoids this by enforcing that a fork from before a check point (where signatures were discarded) isn't allowed. Problem is even if someone saved the signatures, there is no way to absolutely prove that if a fork of BBR appears with greater cumulative PoW, that it isn't the valid one other than assuming the community and the lead dev can point to which checkpoints are the correct ones.
Well if someone can come up with valid signatures for one fork and someone else merely has a fork claiming to be valid but can't produce signatures, it is pretty clear which one will be more credible. I don't necessarily see a big problem here. That was crypto_zoidberg's argument, and for that reason he put the chain (with signatures) on a web site. Though I don't think it has been updated.
In Bitcoin it is already the case with UXTO pruning that if no one voluntarily saves the whole chain the system is pretty screwed.
I don't see "major vulnerabilities" here.