As aliashraf said, it is better to send a small amount of btc (dust) you agree on on advance to a new address generated by the other party.

I don't think exposing your pubkey by signing a message is a real risk though, at least for now, but "better be safe than sorry".