I’ve taken advantage of non-signed assemblies to get around issues before and in academic settings shown people why it’s important. I replaced a DLL file that was unsigned (again in an academic setting) with one I made with the same name, same signatures, and used .NET Reflector to copy and paste the original code, but in mine I emailed user names and passwords that were being passed in before calling ‘real’ code.
If signed, you can make a signature match, but not replace. Contrary to what Zippy says, there will be a run-time compliation error.
Signing assemblies is never overkill. It takes 30 seconds. It’s like saying locking your doors is overkill if you live in the country. If you want to gamble with your belongings, go ahead, leave it open. It only takes one security breach to get fired. It only takes 30 seconds to sign an assembly and there’s no business case not to. The performance impacts is negligable.