Coinkite in a blog post revealed that a number of their customer's transactions are continuing to be affected by malleability issues (archived) which stem from valid signed transactions having more than one potential transaction ID number until mined. Previously malleability concerns stemmed from different possible valid encodings with MtGox being a noted transaction encoding deviant. The malleability issue affecting Coinkite is that a transaction ID may use either the low or high S value from the ECDSA signature of a transaction. Transaction ID's have never been a reliable tool for distinguishing unconfirmed transactions, and any service that depends on using them to distinguish unmined yet broadcasted transactions does so at their and their customer's peril. Considering the disastrous forking that resulted from the last attempt to soft fork away a malleability vector it is unlikely this can or will be addressed through a soft fork process. Transaction malleability is one of many reasons to wait for confirmation through mining before accepting a Bitcoin transaction.