To create a P2SH multisig address, some entity in the process
must be in possession of all pubkeys. Pubkeys are generally considered safe to share, publish, etc. That's why they are called public keys.
WIF works perfectly well for keys used in multisig. You can import all of the keys into the client if you want, or you can specify them in the RPC signrawtransaction call, and whatever infrastructure you create to support your system had better be able to read them too.
When redeeming, signatures are also safe to ship around. Signatures are big, coding them in base58 makes them bigger. No one is going to be processing them by hand. Signature problems will just show up as an invalid signature, and they can find the problem and try again. It isn't like a key or an address where an error can drop coins into a black hole.
Look at
BIP 10. It is about shipping signatures around for multi-party transactions, but it looks like it would work perfectly well for P2SH multisig too.