anyone could intercept the unauthenticated email link in transit and impersonate the signer
So?
If they sent a paper copy, anyone could intercept it in transit and impersonate the signer. In both cases, this would be fraud and to quote from my answer to How to prove the genuinity/nongenuinity of a signature?
Fraud would have to be proved: it would not be sufficient to say "I did not sign that"; the person would need to demonstrate that a fraud has been perpetrated.
A party to a contract is entitled to rely prima facie on the validity of the signature. A person would have to provide evidence that it was not their signature or had been affixed without their knowledge or consent.
A court would look at the entire circumstances surrounding such a claim; if a person had, up until the dispute, acted as though they had signed the document then a court would probably not countenance an argument that they hadn't.
It is always possible to construct contrived circumstances where this or that could happen but, in reality, they are extremely rare. Unless you are dealing with a con-artist, you can trust the signature; if you are dealing with a con-artist, you have bigger problems.
It is irrelevant whether the signature is in ink or in bits, the same principles apply.
Of course, it is entirely possible, even likely, that the link sends a lot more information back to the HelloSign service than you think it does. Information that can both validate signatures and be stored as evidence.
