What about a scenario brought up by a reddit user: a hotel clerk in a tourist destination handles a hundred international passports in a day. Is there some way they can surreptitiously grab a signature from each of them and use them for an attack?
Isn't necessary.
There were already three announcements (just on this forum) that big database dumps of x00.000 real passport data records with signing keys (if holder applied for passport with keys) will be released if this stuff doesn't stop.
It's known from most countries that only 5% till 25% of the passports are signed. Reasons: people don't want that and passports with keys are more expensive in applying fees. People who dont applied for keys get passports contain that an empty or dead chip, depends on country.