Someone tested [0] and the result agrees with you. And this Gmail help article [1] elaborates on the scope of protection, which is equivalent to "IP address and HTTP headers":
> Google scans images for signs of suspicious content before you receive them.
> These scans make images safer because:
> - Senders can’t use image loading to get information about your computer or location.
> - Senders can't use the image to set or read cookies in your browser.
> - Gmail checks the images for known harmful software.
Sometimes, senders may know whether you've opened an email that has an image. Gmail scans every message for suspicious content. If Gmail thinks that a sender or message is suspicious, images aren’t shown and you’ll be asked if you want to see the images.".
###
Personally, I think this is quite silly, because I routinely disclose my IP address and HTTP headers without considering it particularly sensitive, but I don't want senders to know that their their email messages have been opened.
To validate a signature, the code doing that validation needs direct access to the message prior to any rewriting. I don't think the proxy introduces any barriers to that access, assuming the validation occurs on Gmail servers, as the Gmail interface can present the results of that server-side validation.
If you wanted to validate it yourself instead of trusting Gmail to do it for you, you'd use the "Show original" feature which gives you the original (per its namesake) without any rewriting as well. I assume (but haven't tested) that connecting to your mailbox via IMAP, POP, etc. also causes you to retrieve the original, with the rewriting only coming into play when using the Gmail web interface.