no, their tie their pubkey to someone elses name. Signing would prevent name-spoofing.

For example, i cannot post a message to a relay with your pubkey because i can't sign the message, but i can create a profile with your name and my pubkey because there is no verification. I don't need to hack your server, just create doubt.

btw thanks for responding, i'm implementing a relay and getting to grips with the NIPs, so would be good to know if i misunderstand things. 

 There is no way to lock a name, you can also legitimately be daniele; and this is a different matter from NIP-05, that instead is unique and can be verified.
In your example signing would not help, just check the author npub, that's the source of truth (and indeed it is used in a signature check).

Thank you for building :)