I don't think it's quite a blank check, but it would enable replay attacks in the form of sending the money to the same place it was sent before if an address ever receives coins again.

Right, good point. I wonder if this sort of auto forwarding could even be a useful feature. I can't think of one right now.

It's hard, though, because there is different data needs to be signed for each input.

Yes but is that fundamental or is there a way to avoid it? That's what I'm getting at.

Another possibility would be to put the previous scriptPubKey and previous output value at the END of the serialized transaction, so that you could make use of some sort of a signature hash midstate.

Interesting idea! I don't agree it's messy. If anything it should be simpler than what we have today - the need to edit a transaction in the middle means that sighash computation involves constantly reserializing a transaction before it even gets to be hashed.

Is hashing transaction data once for each input really a huge bottleneck, though? Do mobile devices have an issue with this?

Consider what happens with very large transactions, like a big assurance contract that might have thousands of inputs and be multiple megabytes in size. Obviously such large transactions cannot happen today, but there is user demand for giant contracts (or at least, users tell me there is, whether they'd actually do it for real is a bit unclear).