Is having two checksig/checkmultisig commands in the same script actually even a problem? I'm now thinking that maybe scriptSigs are not even part of the sig hash, which would eliminate the problem entirely.
It's not a problem as long as the signatures are always in the scriptSig and never in the scriptPubKey.
For a while I thought including a signature in the output might allow you to do some neat things like restricting the form of the spending transaction, but it can't work - the signature is calculated in the context of the spending transaction and thus always signs over the hash of the connected transaction, which is the thing you need to insert the signature into. Signatures can't sign themselves.
The scripting system is flexible, but not as flexible as it might at first appear - scriptPubKeys can't contain signatures, and whilst scriptSigs are allowed to contain code there's (as far as I can see) no point in doing so. It really is primarily meant for containing signatures.
It would have been cool if OP_CHECKSIG allowed for signatures over arbitrary data rather than requiring it to be transaction hashes. However, that isn't possible.
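The two points in this exchange can be checked with a small legacy (pre-SegWit) SIGHASH_ALL calculation. This is an added example, not code from the thread or from any Bitcoin implementation. The transactions, the placeholder "signature" bytes and the helper names are constructed, and OP_CODESEPARATOR and signature removal from the subscript are left out.

```python
import hashlib, struct

SIGHASH_ALL = 1

def dsha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def serialize(tx, script_sigs=None):
    """Legacy tx bytes; script_sigs, if given, overrides every input script.
    Lengths are written as one byte, valid while they stay under 253."""
    blob = struct.pack("<I", tx["version"]) + bytes([len(tx["vin"])])
    for i, vin in enumerate(tx["vin"]):
        script = vin["script_sig"] if script_sigs is None else script_sigs[i]
        blob += vin["prev_hash"] + struct.pack("<I", vin["vout"])
        blob += bytes([len(script)]) + script + struct.pack("<I", vin["sequence"])
    blob += bytes([len(tx["vout"])])
    for out in tx["vout"]:
        spk = out["script_pubkey"]
        blob += struct.pack("<q", out["value"]) + bytes([len(spk)]) + spk
    return blob + struct.pack("<I", tx["locktime"])

def sighash_all(tx, index, subscript):
    """Digest OP_CHECKSIG verifies for input `index`: every scriptSig is
    blanked and the signed input carries the previous output's script."""
    scripts = [subscript if i == index else b"" for i in range(len(tx["vin"]))]
    return dsha256(serialize(tx, scripts) + struct.pack("<I", SIGHASH_ALL))

def make_tx(prev_hash, vout, script_pubkey):
    return {"version": 1, "locktime": 0,
            "vin": [{"prev_hash": prev_hash, "vout": vout,
                     "script_sig": b"", "sequence": 0xFFFFFFFF}],
            "vout": [{"value": 50_000, "script_pubkey": script_pubkey}]}

def demo():
    p2pkh = lambda h160: b"\x76\xa9\x14" + h160 + b"\x88\xac"
    fake_sig = b"\x47" + b"\x30" * 71          # placeholder push, not a signature
    spk = p2pkh(b"\x11" * 20)                  # constructed sample script
    funding = make_tx(b"\x00" * 32, 0xFFFFFFFF, spk)
    spend = make_tx(dsha256(serialize(funding)), 0, p2pkh(b"\x22" * 20))
    digest = sighash_all(spend, 0, spk)
    # 1) Filling in the scriptSig leaves the digest to be signed unchanged.
    spend["vin"][0]["script_sig"] = fake_sig
    same_after_sig = sighash_all(spend, 0, spk) == digest
    # 2) Putting bytes into the funding scriptPubKey changes the funding hash,
    #    hence the outpoint and the digest (subscript held fixed to isolate it).
    funding2 = make_tx(b"\x00" * 32, 0xFFFFFFFF, spk + fake_sig)
    spend2 = make_tx(dsha256(serialize(funding2)), 0, p2pkh(b"\x22" * 20))
    moved = sighash_all(spend2, 0, spk) != digest
    return same_after_sig, moved

if __name__ == "__main__":
    print(demo())
```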