Hi,
The certificate mentioned by Matt is used for licensing. It has nothing to do with digitally signing a document by user. You need to pay an extra license for editable pdfs. This cost can be bared by somebody who reads/edits document by purchasing Adobe Acrobat (not Reader) that allows you to modify pdfs. The other option is that who generates a pdf have a special license that enables edit functionality in Adobe Reader. As you can image the companies usually go with this option because they can not force their users to purchase Acrobat. The way how it is implemented is PKI. When you purchase a license Adobe generates a certificate for your installation of ADS. This certificate needs to be installed with your ADS. When Reader opens a document that is signed by this cert that is trusted by Reader bacause it is signed by Adobe then it enables edit functionality.
I quickly checked the documentation and it seems to me that signing is completely handled by Adobe Reader. My understanding is that user goes to a web dynpro application which has embedded pdf. This pdf is opened in Reader and reader functionality is used to sign a form. It has nothing to do with SAP user. You could download the pdf, open it in Reader and sign it there without connection to SAP system. SAP provides an API that allows you to retrieve signatures from pdf document by calling ADS web service. But I believe there is no direct link between SAP user and cert usec for signing pdf document.
Cheers