A signer modifying the order of inputs or changing outputs when "re-signing" a transaction (which already has dependent child transactions spending its outputs) seems like quite a different hazard than a malicious third party modifying a transaction in the mempool by twiddling opcodes in the signature scripts. The former seems like more a matter of keeping your own house in order (an internal affair) while the latter is an external threat beyond the transaction writer's control.
While I agree that having a canonical ordering for inputs and outputs might be useful in some cases, there are also use cases where the relative positions of inputs and outputs are significant, where reordering would change the semantics of the transaction. SIGHASH_SINGLE, for example, makes an association between an input index and an output index. Open Asset colored coins are identified by the order of inputs and outputs.
Let's keep canonical ordering separate from the normalized transaction ID proposal. Baby steps. Normalized transaction IDs provide an immediate benefit against the hazard of third party manipulation of transactions in the mempool, even without canonical ordering.
-Danny