Waxwing, arubi and I were discussing this for coinswap. We think we came up with another method of malleability that could cause serious problems.
In my above post I only thought about highS/lowS malleability, but there is another way involving adding OP_NOP opcodes to the scriptSig. See here (click the </> symbol on the top right, the first input has OP_NOP added)
I think this is non-standard but valid on the bitcoin mainnet. Which means a miner could be either Alice or Carol in the coinswap protocol and then mine a malleated paying-in TX0 to hold the other party's money to ransom. Also a miner could do this to random transactions as a way of attacking the network.
There's basically an infinite number of ways to add opcodes to scriptSig, so we can't use the same trick as above of signing every possible backout transaction.
If there's no way to fix this then we can't safely do coinswap. One thing we need to check is whether this thing is really non-standard but valid.
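An added example, not part of the original post: a watcher-side check that recognises when a confirmed copy of TX0 carries the same pushed signature and pubkey as the broadcast one but has extra non-push opcodes in its scriptSig, and therefore a different txid that a pre-signed backout transaction no longer points at. The transaction layout, signature and key bytes are constructed placeholders, and `is_push_only` mirrors the push-only test (every opcode at or below OP_16) that Bitcoin Core's relay policy applies to scriptSigs.

```python
import hashlib

OP_PUSHDATA1, OP_PUSHDATA4, OP_16, OP_NOP = 0x4C, 0x4E, 0x60, 0x61

def parse_script(script: bytes):
    """Yield (opcode, data) pairs; data is None for opcodes that carry no bytes."""
    i = 0
    while i < len(script):
        op = script[i]
        i += 1
        if op > OP_PUSHDATA4:            # OP_1NEGATE, OP_1..OP_16, OP_NOP, ...
            yield op, None
            continue
        if op < OP_PUSHDATA1:            # direct push of `op` bytes
            n = op
        else:                            # length stored in next 1, 2 or 4 bytes
            width = 1 << (op - OP_PUSHDATA1)
            n = int.from_bytes(script[i:i + width], "little")
            i += width
        if i + n > len(script):
            raise ValueError("truncated push")
        yield op, script[i:i + n]
        i += n

def is_push_only(script: bytes) -> bool:
    return all(op <= OP_16 for op, _ in parse_script(script))

def pushes(script: bytes) -> list:
    """Stack items the script pushes, ignoring every non-push opcode."""
    return [op if data is None else data
            for op, data in parse_script(script) if op <= OP_16]

def txid(script_sig: bytes) -> str:
    """txid of a constructed 1-input/1-output legacy tx carrying script_sig."""
    raw = (b"\x01\x00\x00\x00" + b"\x01" + bytes(32) + bytes(4)   # version, 1 input, prevout
           + bytes([len(script_sig)]) + script_sig + b"\xff" * 4  # scriptSig, sequence
           + b"\x01" + (50_000).to_bytes(8, "little") + b"\x01\x51"  # 1 output, placeholder script
           + bytes(4))                                               # locktime
    return hashlib.sha256(hashlib.sha256(raw).digest()).digest()[::-1].hex()

def classify(expected_sig: bytes, seen_sig: bytes) -> str:
    if seen_sig == expected_sig:
        return "unchanged"
    if pushes(seen_sig) == pushes(expected_sig) and not is_push_only(seen_sig):
        return "malleated-non-push"      # same witness data, extra opcodes, new txid
    return "other-change"

# Constructed placeholders: 71-byte "signature" and 33-byte "pubkey", not real keys.
ORIGINAL = bytes([71, 0x30]) + bytes(70) + bytes([33, 0x02]) + bytes(32)
MALLEATED = bytes([OP_NOP]) + ORIGINAL
```

A wallet that tracks TX0 by the outpoint it spends rather than by txid can run `classify` on the confirmed scriptSig to tell this case apart from an unrelated spend.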