I didnt much like the standard JCE way of signing things. Basically the application needs to have a copy of the Private Key to do anything, which isnt overly secure and it also means that every application needs to handle Key management etc.

For NeuClear Ive just finished reimplementing our Digital Signature model using a very different approach of blackbox signers that transparently handle all the keymanagement for the application. Read more about it on the NeuClear site