The fact that the certificate is not physically installed on any device increases its security.
If the certificate is on a device where passwords are usually stored, it is relatively easy for another person with access to the device to sign for us. However, at least two-factor authentication is required to use the signature in the cloud.