Always use messages signed with your address
You mean sign from an old, staked
legacy address, right?
This post is a great example of a completely useless signed message, and it's not the first time I've seen it (ab)used this way.
It can be an old staked address, or he can use a new address for being escrow, or he can use new address for each job.
But, very important, in the last two cases the new address(es) have to be first "sealed" with a signed message coming from an old staked address.
That post you linked shows how a perfect storm can be made.
We get a campaign manager that's not that old in the business and maybe not too technical either.
We get a campaign that doesn't want to pay the price of more established campaign managers.
We get a lot of non-technical people in the campaign so they don't notice that the "signature" on those funds can hold bad surprises.
And then *spoof*, the money is gone and the campaign manager admits it that the has a hardware wallet, but he didn't use it for those funds (ffs!).
Are the money stolen by the manager or from the manager, it doesn't even matter.
I am sure that Gazeta can do much better (i.e. not getting even close to having funds stolen/lost). And if he has technical doubts, he is not afraid to ask.