I believe the point is that such a signature is useless since the software signed as safe is actually unsafe, while a self-signed rom at least has a chance to be safe.
this reminds me of when team-teso had their stuff on their website directly accessible over https.. so they used a self-signed cert, so that no govt or corporation could require a MITM with a valid signed cert from any trusted CA.