Signing verifies identity, nothing more. That keylogger was yours. In this case, signing putty tells us that it comes from the putty maintainer. The content, what it actually does, whether its not malware inside, etc doesn't matter.

Putty should be signed, imo.