The self-signed certificate (Section 3.1) prevents a requestor from requesting a certificate with another party's public key. Such an attack would give the requestor the minor ability to pretend to be the originator of any message signed by the other party. This attack is significant only if the requestor does not know the message being signed, and the signed part of the message does not identify the signer. The requestor would still not be able to decrypt messages intended for the other party, of course.