Don't know if this is the correct forum, but I think I found a flaw in multisig. I may be wrong. I used Electrum to test.
Set up two 2 of 2 offline multisig wallets. Put some funds in. Set up a watch-only wallet as a SINGLE wallet using only ONE of the multisig wallet's master public keys. Initiate the spend txn from the watch wallet, sign the txn on the one corresponding offline multisig wallet, broadcast the txn from the watch wallet, i.e. a cold storage, offline wallet txn. And it works! You've spent from a 2 of 2 multisig with one signature. I hope I'm wrong!
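
A check that applies to a test like the one described above, as an added example that is not part of the original post or of Electrum's code: it classifies the output a transaction spends by its standard script template and, for a P2WSH output, confirms the witness script matches the output and reads its m-of-n policy. The keys, hashes and function names are constructed for illustration.

```python
import hashlib

# Constructed sample keys: 33-byte compressed-pubkey-shaped values, not real keys.
PK_A = bytes([0x02]) + bytes([0x11]) * 32
PK_B = bytes([0x03]) + bytes([0x22]) * 32
OP_CHECKMULTISIG = 0xAE

def multisig_script(m, pubkeys):
    """Build the standard script: OP_m <pk>... OP_n OP_CHECKMULTISIG."""
    body = b"".join(bytes([len(pk)]) + pk for pk in pubkeys)
    return bytes([0x50 + m]) + body + bytes([0x50 + len(pubkeys), OP_CHECKMULTISIG])

def multisig_policy(script):
    """Return (m, n) for a standard multisig script, or None if it is not one."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        return None
    m, n = script[0] - 0x50, script[-2] - 0x50
    pos, keys = 1, 0
    while pos < len(script) - 2:
        size = script[pos]  # push length of the next public key
        if size not in (33, 65) or pos + 1 + size > len(script) - 2:
            return None
        pos += 1 + size
        keys += 1
    return (m, n) if 1 <= m <= n == keys else None

def classify_output(spk):
    """Name the lock type of a scriptPubKey by its standard template."""
    if len(spk) == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh (single key)"
    if len(spk) == 23 and spk[:2] == b"\xa9\x14" and spk[-1:] == b"\x87":
        return "p2sh (script hash)"
    if len(spk) == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh (single key)"
    if len(spk) == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh (script hash)"
    return "other"

def spent_output_policy(spk, witness_script=None):
    """Signature policy of an output; a P2WSH script must hash to the output."""
    kind = classify_output(spk)
    if kind.startswith("p2wsh") and witness_script is not None:
        if hashlib.sha256(witness_script).digest() != spk[2:]:
            return kind, "script does not match output"
        return kind, multisig_policy(witness_script)
    return kind, (1, 1) if "single key" in kind else None

SCRIPT_2OF2 = multisig_script(2, [PK_A, PK_B])
MULTISIG_SPK = b"\x00\x20" + hashlib.sha256(SCRIPT_2OF2).digest()
SINGLE_SPK = b"\x00\x14" + bytes([0x33]) * 20  # constructed 20-byte key hash
```

Run `spent_output_policy` on the scriptPubKey of the output the transaction actually spent: a result of `(1, 1)` means that output was locked to a single key, while `(2, 2)` means the script demands two signatures.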