Does the page prevent iframe renders? (Cross-Frame Scripting)

[Kmoneal]

An easy phishing attack is to render the webpage under an attacker's page to steal user information. This is not the biggest concern unless users put ethereum on addresses that we provide them (exposing their private key when logging in).

[Kmoneal]

Would this be a concern for signing messages using MetaMask?