Updating a differential using arc diff --update requires that the user be the owner of that differential. If a user is not the owner, it's necessary to Commandeer the differential in order to make the update. When using arc commit --revision XXXX (with svn) to commit a differential revision, however, there is no requirement that the user is the owner. The result is that a simple typo in the differential ID can commit the wrong message and update and close the differential with incorrect data.
It seems to me that the simple fix would be to make the ownership requirement standard across the different arc actions. I think it would not be an overly difficult requirement to only be able to commit diffs you own, just as with updates. This would make it an explicit action to commit a diff you did not own and help prevent users from accidentally committed the wrong diff (at least someone else's).