There should be no safety reduction from using disk spanning in follow: all data files extracted from your unsigned .bin files bear SHA-1 verification (provided dontverifychecksum just isn't employed). The SHA-one hashes for this (in conjunction with all other metadata) are stored inside of Setup's EXE, which is safeguarded from the electronic sign