Have administrator-configurable limits on signature length, both number of lines and line length, with a reasonable default. 6 lines, 80 characters wide, would be a reasonable default and would reduce the impact of phishing attacks. This could be implemented as a plugin at first, but I feel it should be a built-in feature in future SquirrelMail editions. It should also grandfather existing signatures, so that when this feature is implemented, existing signatures are not truncated.
I've seen widespread phishing of SquirrelMail accounts. Once compromised, the account is used to send out spam. The content of the spam message is saved as a signature.
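
One way the requested check could look, as an added example that is not part of the original request and not SquirrelMail code. The function names, the `$sig_limits` array and the sample signatures are hypothetical; only the 6-line, 80-character default and the grandfathering rule come from the request.

```php
<?php
// Added example: hypothetical helper names, not SquirrelMail's API.

// Administrator-configurable limits; defaults follow the request above.
$sig_limits = array('max_lines' => 6, 'max_width' => 80);

/** Return a list of limit violations for a signature (empty list = within limits). */
function sig_violations($sig, $limits) {
    // Normalise line endings and ignore trailing blank lines before counting.
    $text  = rtrim(str_replace(array("\r\n", "\r"), "\n", $sig), "\n");
    $lines = ($text === '') ? array() : explode("\n", $text);
    $errors = array();
    if (count($lines) > $limits['max_lines']) {
        $errors[] = sprintf('%d lines (limit %d)', count($lines), $limits['max_lines']);
    }
    foreach ($lines as $i => $line) {
        // Count characters where mbstring is available, bytes otherwise.
        $width = function_exists('mb_strlen') ? mb_strlen($line, 'UTF-8') : strlen($line);
        if ($width > $limits['max_width']) {
            $errors[] = sprintf('line %d is %d characters (limit %d)',
                                $i + 1, $width, $limits['max_width']);
        }
    }
    return $errors;
}

/**
 * Decide whether a save is accepted.
 * Grandfathering: a stored signature that is resubmitted unchanged is kept,
 * and nothing is ever truncated; only new or edited text must fit the limits.
 */
function sig_check_save($stored, $submitted, $limits) {
    if ($submitted === $stored) {
        return array(true, array());
    }
    $errors = sig_violations($submitted, $limits);
    return array(count($errors) === 0, $errors);
}

// Constructed sample data.
$old_sig = str_repeat("Legacy line\n", 9);   // saved before the limit existed
$bulk    = str_repeat("Constructed bulk text http://example.invalid/\n", 40);

list($ok_unchanged)      = sig_check_save($old_sig, $old_sig, $sig_limits); // resubmitted as stored
list($ok_replaced, $why) = sig_check_save($old_sig, $bulk, $sig_limits);    // replaced with oversize text
var_dump($ok_unchanged, $ok_replaced, $why);
```

Running `sig_violations()` over stored signatures, without modifying them, also gives an administrator a list of accounts whose signature is far outside the limits and may be worth reviewing for compromise.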