Post
Topic
Board Development & Technical Discussion
Re: Transaction malleability is actually a big problem?
by kjj on 26/02/2014, 12:31:55 UTC
Well, I just found a way to save it.

Let's have a new SIGHASH type called SIGHASH_ANYUTXO. Signing with this tag means that the signer would allow the redemption of any UTXO of the same address. So the signer doesn't need to specify the hash of the UTXO. The signature is valid no matter how the txid is changed. As long as the signer is not reusing the address, that would be safe.

Any comment?

That's what I've been saying for ages... though it'll have to be implemented as a new CHECKSIG operator due to Satoshi screwing up upgrade possibilities in CHECKSIG.

I'm not sure you can really blame Satoshi for this.  Either OP_CHECKSIG is useless, or any changes to it mean a hardfork anyway.  Consider an "upgrade" that your node is unaware of.  Your node will see it as an invalid signature.  You can either accept all invalid signatures (which makes it pointless to check), or you can be forced to upgrade your software to keep up (which is what a hard fork is).

Contracts can be fixed with a softfork, bumping the block version to 3 and requiring that all signatures in version 3 blocks be in minimized form.
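
Added example, not part of the post and not Bitcoin's own code: a sketch of why a "minimized form" rule can be a soft fork, since it only narrows what the older check already accepts. It assumes "minimized form" means strict DER integers plus s <= N/2 (the post does not define it); `old_rule`, `new_rule` and all sample values are constructed, and the trailing sighash byte is omitted.

```python
# Added illustration; not code from the post or from Bitcoin.
# Assumption: "minimized form" = strict DER integers plus s <= N/2.

# Order of the secp256k1 group.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def der_int(v, pad=0):
    """DER INTEGER for v; pad > 0 adds redundant leading zero bytes."""
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if b[0] & 0x80:
        b = b"\x00" + b          # required so the value stays positive
    b = b"\x00" * pad + b
    return b"\x02" + bytes([len(b)]) + b

def encode_sig(r, s, pad=0):
    body = der_int(r, pad) + der_int(s)
    return b"\x30" + bytes([len(body)]) + body

def parse_sig(sig, strict):
    """Return (r, s), or None if the encoding is rejected."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        return None
    out, pos = [], 2
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02:
            return None
        n = sig[pos + 1]
        raw = sig[pos + 2:pos + 2 + n]
        if n == 0 or len(raw) != n:
            return None
        if strict and (raw[0] & 0x80 or (n > 1 and raw[0] == 0 and not raw[1] & 0x80)):
            return None              # negative value or redundant padding
        out.append(int.from_bytes(raw, "big"))
        pos += 2 + n
    return tuple(out) if pos == len(sig) else None

def old_rule(sig):
    """Simplified pre-fork check: any parseable encoding, r and s in range."""
    p = parse_sig(sig, strict=False)
    return p is not None and all(0 < v < N for v in p)

def new_rule(sig):
    """Hypothetical version-3 check: strict DER and low s."""
    p = parse_sig(sig, strict=True)
    return p is not None and 0 < p[0] < N and 0 < p[1] <= N // 2

def normalize(r, s):
    """Map (r, s) to its low-s twin, the one form new_rule accepts."""
    return (r, N - s) if s > N // 2 else (r, s)
```

Every encoding `new_rule` accepts also passes `old_rule`, so nodes that have not upgraded still see version-3 blocks as valid, while the padded and high-s variants that would alter a txid are rejected by upgraded nodes.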