When these outputs are spent by the input of another transaction, the signature is not in the scriptsig. THAT IS ALL THAT THIS DOES!
seriously you said it yourself but you are not realising what you are saying
read the part i quoted you.. and realise that because OLD clients wont see the signatures because of exactly what you said.. then there does not need to be a signature..
because old clients wont validate it.. they would blindly overlook it if they seen a funky transaction in a block that has no scriptsig where it suppose to be..
so a malicious miner can just not sign it. (because they dont even have that random inputs key), knowing the rest of the network would overlook it.
its only weeks later as a separate transaction that things will be signed. and what would be signed is what was the output address of that funky transaction that has been blindly confirmed by 3000+confirms.