Why are the inputs of Bitcoin transactions signed?

This is my understanding of what a transaction looks like:

inputs:    input0:      txid: <funding tx0 TXID>     outputID: <output ID of UTXO in the funding tx0>     scriptSig: <pkhash_redeemer> <sig0_redeemer>   input1:      txid: <funding tx1 TXID>     outputID: <output ID of UTXO in the funding tx1>     scriptSig: <pkhash_redeemer> <sig1_redeemer>   ... outputs:    output0:      scriptPK: <scriptPK for new UTXO>     amount: <amount for new UTXO>  

Where the signature <sig_redeemer0> is over:

  • <funding tx0 TXID>
  • <output ID of UTXO in the funding tx0>
  • funding transaction’s Pub Key Script
  • <scriptPK for new UTXO>
  • <amount for new UTXO>

I’ve read much that states things along the lines of: “the signature is over the entire transaction” or “the signature signs all the inputs and outputs”. However, there are a few points of confusion I have:

  1. Do multiple inputs necessitate multiple signatures? Or is my example wrong?

  2. Why do we need to sign the inputs of the transaction?

If the inputs aren’t signed, that means the following are left unsigned:

  • txid of funding transaction
  • <output ID of UTXO in the funding tx>
  • sequence number (?)

If all outputs are signed, the amounts and scriptPubKeys of all UTXOs from funding transactions are fixed. An attacker might be able to change the inputs to the redeeming tx, but they are only unlockable if the inputs remain the same, so an attacker can’t use an arbitrary input.

Any help would be appreciated! Thanks