Personal opinion: It's probably one of the reasons we're the most popular Python web framework, especially amongst people with no prior Python experience.
We may change that policy in the future (we've discussed it) but we're not going to change it just so the signing feature can get in to Django 1.2 - and I'd really like to get signing in to 1.2.
Nobody is going to have their identity stolen because of this feature, but it would be nice if they stopped implementing any more crypto. Arguing against signed cookies is tilting at windmills, but that doesn't mean marketing crypto features is a smart move.
We may change that policy in the future (we've discussed it) but we're not going to change it just so the signing feature can get in to Django 1.2 - and I'd really like to get signing in to 1.2.