Okay, how about changing how the username is parsed? If a standard format string is added, say -1000 (dash+4 digits, mBTC) to the end of the username, just use everything before the dash as an account address, and set the payout if the number is in range.
What's the difference ? It's still a mediocre solution to an already-solved problem. Just wait ! 
Eligius is already committed to the elegant kludge of Address as username, I'm suggesting leveraging this out-of-band data space for an additional purpose, which could be taken to arbitrary extremes, but I don't think my suggestion does that.
In addition I would argue that the signmessage solution is likely more problematic, as it requires processing resources to verify the threshold setting requests. This is an unnecessary liability, since threshold really does not need to be secure, as long as it is defined within reasonable limits. It opens up an obvious DDoS vulnerability for the pool server(s) on top of all the potential security problems with signmessage itself, as has already been discussed elsewhere.