Even just offering the option to assign one pre-determined bitcoin address would provide an equivalent level of security, even if you did no PGP automation whatsoever. The pre-determined bitcoin address could either be a) withdrawn to directly, or b) for those who know how to sign messages, it could be used to sign a message that permits withdrawal to some other address. All of this could be evaluated in any environment already accustomed to working with bitcoin keypairs.
We could easily add the "limit to one bitcoin address" thing, but there is a problem with the bitcoin message signature process that makes it difficult to implement (last time I checked the bitcoin message signature uses a different way of signing compared to transactions to make shorter signatures, but it's been an issue).
This would still be a much easier problem to solve than, say, adding a dependency on PGP, given that all the necessary code can be lifted directly from the current build of bitcoind.
And signing aside, simply allowing one the option to restrict their account so that instant bitcoin withdrawals can only go to a single bitcoin address would be of trivial complexity and yet would result in an enormous leap in practical security. That may not work for some, but for others, it is so simple to understand as to be a meaningful confidence builder. If you ask people to write that bitcoin address on their AML docs as they send them in, you've got a bulletproof paper trail connecting the withdrawal address to the customer.
The unspoken underlying fear is that one might have their funds disappear and be in a "he said she said" war with Gox as to how the withdrawal actually occurred. If MtGox adopts policy and procedures that ensures that all withdrawals can be positively accounted for, and that instant withdrawals to arbitrary addresses are easy to limit, it literally reduces the customers negative fear of unauthorized withdrawal.