Topic: Can signmessage be used to spend coins?
domob (OP)
June 21, 2013, 07:25:10 PM
 #1

I'm working on a project which will require users to sign server-provided challenge messages with the private key of one of their addresses. Since a signature with that key is basically also what allows one to spend coins from that address, I want to be sure about the security implications for my users.

Assuming a user can be tricked to "signmessage" arbitrary strings provided by an attacker, can this be used to spend the user's coins?  I presume there is some safeguard in the protocol such that the data signed with signmessage is of a different "format" than signing of transaction outputs ... is this the case, or can a message be crafted such that the signature on it can be recast in a form to validate spending a transaction output?

Of course my server is not going to issue rogue challenges to sign, but before I tell people to sign randomly provided strings and make them used to it, I want to make sure this can't be used to attack their coins.

Use your Namecoin identity as OpenID: https://nameid.org/
Donations: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS | GPG 0xA7330737
Mike Hearn
June 21, 2013, 08:39:24 PM
 #2

All messages signed with the signmessage command have "Bitcoin Signed Message:\n" prepended to them for exactly this reason.
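
The prefixing described in the reply above, as an added example that is not part of the original post or of Bitcoin Core's code. The thread only states the prefix; the compact-size length prefixes and the double SHA-256 follow Bitcoin Core's message-signing serialization, and the challenge bytes are constructed sample input.

```python
import hashlib

MAGIC = b"Bitcoin Signed Message:\n"  # the prefix quoted in the reply above

def compact_size(n: int) -> bytes:
    """Bitcoin's variable-length encoding for a length field."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + n.to_bytes(2, "little")
    if n <= 0xFFFFFFFF:
        return b"\xfe" + n.to_bytes(4, "little")
    return b"\xff" + n.to_bytes(8, "little")

def dsha256(data: bytes) -> bytes:
    """Double SHA-256, the hash that is handed to ECDSA."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def signmessage_preimage(message: bytes) -> bytes:
    """Bytes actually hashed by signmessage: prefix first, then the message."""
    return (compact_size(len(MAGIC)) + MAGIC
            + compact_size(len(message)) + message)

def signmessage_digest(message: bytes) -> bytes:
    return dsha256(signmessage_preimage(message))

def challenge_report(challenge: bytes) -> dict:
    """Compare what the wallet signs with what the challenger supplied."""
    preimage = signmessage_preimage(challenge)
    return {
        # The signer, not the challenger, controls the first 25 bytes.
        "preimage_starts_with_magic": preimage.startswith(b"\x18" + MAGIC),
        # The signature covers this digest, never dsha256(challenge) itself.
        "digest_differs_from_raw": signmessage_digest(challenge) != dsha256(challenge),
        "digest_hex": signmessage_digest(challenge).hex(),
    }

# Constructed sample: arbitrary bytes chosen by whoever issues the challenge.
CONSTRUCTED_CHALLENGE = bytes.fromhex("01000000") + b"\x00" * 60

if __name__ == "__main__":
    for key, value in challenge_report(CONSTRUCTED_CHALLENGE).items():
        print(f"{key}: {value}")
```
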
domob (OP)
June 22, 2013, 05:46:30 AM
 #3

> All messages signed with the signmessage command have "Bitcoin Signed Message:\n" prepended to them for exactly this reason.

That is what I supposed, thanks for confirming it! :)
