Oh yes that is exactly what I meant by not having access to the keys, I use one of such services myself. I do however consider them a bit more secure than signature stamps as should the provider become compromised, their upstream certificate would be revoked, to my understanding this would invalidate all of the signatures. The same as any CA