3rd party could add a number equal to Curve25519 group order to create a valid transaction with another id. That's how DoctorEvil hacked Nxt to replay a transaction.
Also the legit owner of a transaction could generate zillions of valid signatures for the same set of data.
Aha - my math lets me down unfortunately but I do get your point.
So is there any way you think that this could be solved?
Easily. We just need ID_2 that is calculated like ID but with signature bytes set back to zeros.