But how does that show up in the user interface? I don't know how you would explain what the signature means or implies, or what you do if the signature is broken/missing.

The only thing that a maliciously modified iteration count can do is cause money to be sent to an address that's beyond the recipients gap limit, meaning they won't receive it (unless they reconfigure their software and rescan). But you can't steal money that way.