How could the transaction be changed without needing to be re-signed? I lack the technical knowledge to understand how what you describe is possible.
You don't touch the actual signature, but there are meta-data around it. In a recent version of the official bitcoin client the format of that meta-data has been tightened so the transaction data provided by MtGox is now being rejected by the latest official version. A hacker can then take the rejected raw txdata provided from MtGox, patch it and rebroadcast it. It will get through, but MtGox still thinks it is invalid and returns balance.
I don't think I buy your explanation without providing more details.
Can you provided more details?
What is the new version of the bitcoin client that caused the problem?
When the version was released and when the problems started at MtGox?
What are the changes on the format that were problematic?
I understand that if your theory is correct, there should be initially stuck transactions that finally went through in the blockchain (the modified hacker's version). Can you provide examples of these transactions? (that appeared first in the list of stuck transactions and then went through).