>private key signature file is not part of the installation BUT it is required in order to verify the content's signature.

That's incorrect. The public key is required to verify the signature. The private key is certainly not included, as that defeats the purpose of public/private keys.

Either way, I already said we'll make an option so the user can choose to see things that fail the security check (or have embedded URLs and aren't secured). Given that, there's really no point to further ramblings.