Seems more like signing a check someone else filled out for you. You can still verify the amount and refuse if it's wrong. Or am I wrong? Doesn't the transaction have to include all the relevant details before it's signed?
Yes, technically the transaction body does include all details.
However, decoding and verifying a complex transaction takes about the same amount of work as generating it yourself to begin with...
Their documentation clearly expects you to blindly sign whatever tx they make up for you. There's not a word on verifying the transaction locally before signing it.
I see, that is disconcerting. Though it doesn't seem to be an issue with the multisig transaction api specifically. The single signatory api implies a certain amount trust that they'll produce the correct transaction as well.
I agree that that trust should be more explicitly explained.
However, decoding and verifying a complex transaction takes about the same amount of work as generating it yourself to begin with...
Their documentation clearly expects you to blindly sign whatever tx they make up for you. There's not a word on verifying the transaction locally before signing it.
http://dev.blockcypher.com/#signing_sending