Wacom protects the signature of the client in two ways: There is a protection for the data sent from the signature pad in the form of encryption. But even without encryption, the signature capture process is a collection of individual pen events, each of which is just a single datapoint that records location and pressure. These data points by themselves are not identifiable.
Secondly, the signature that is bound to a document is protected within the document itself. If the signature is imported, exported, or altered, or of the document contents have changed after the signature was applied, then the user will be made aware that the signature and/or document is not authentic.