Yes, I saw. I just thought I'd tell him too.

The CLAM client signs its transactions in the same way as Bitcoin clients do, with minor changes - the version byte is different, there's an optional 'clam speech' field, etc.

It's not too big a job to review the code and see how the signing is done if you have the required knowledge. But if someone doesn't want to put in the effort and isn't willing to trust the signing code without reviewing it then they don't have to claim their coins.