OpenPGP signature spoofing using HTML

I'm reminded of filing (or imagining I was filing) a wishlist bug for mutt, to be able to move the GPG verification to a sub-process, and update the displayed mail once it had completed, for signed but not encrypted mails at least (the vast majority I read). Quite frequently I must wait a long time for a mail to display if GPG has decided to update it's trust or whatever internal thing it is doing. This is apparently very challenging with the present mutt architecture.