it works..  the vast majority of flexcoin clients know the policy...  you know perhaps we should formalize some sort of standard for bitcoin companies that accept that policy (you, mtgox, campbx, flexcoin) ...  literally a jointly owned site that has some basic security initiatives that apply directly to our clients.  Just basic things that individuals can do to ensure they are not getting phished for example.

1 . Such as no links in e-mails.
2 . If you see an e-mail that has a link or is suspicious please report it to security@xxx.xxx
3 . Do not enter your credentials on a site that looks suspicious.
4 . If you come to the website and it's missing an HTTPS (secure) then do not provide any information and report it to security@xxx.xxx
5 . XXXX company does not provide login forms on any other site other than XXXX proper.
 
If the site is signed by all companies involved it would at least give a comfort level for both us and our clients knowing that individuals have a clearly labeled security policy to protect themselves.