As you all now there is a Signing Method called “eth_sign”.
While reading the MetaMask Docs (MetaMask Docs → Signing Data → A Brief History) I came across this part says:
"In particular, the method eth_sign is an open-ended signing method that allows signing an arbitrary hash, which means it can be used to sign transactions, or any other data, making it a dangerous phishing risk.
For this reason, we make this method show the most frightening possible message to the user, and generally discourage using this method in production. However, some applications (usually admin panels internal to teams) use this method for the sake of its ease of use, and so we have continued to support it for the sake of not breaking the workflows of active projects."
I’m wondering what the meaning of eth_sign being an open-ended method and what a hacker/scammer can do with my eth_sign signature, in short, what is the maximum a hacker can do with only my eth_sign that I signed on a fake website.