Certificates have a public and a private portion. When a user exports your certificate from their certificate store (via IE), they are only exporting the public portion. In fact, they never have access to the private portion of the certificate. Read more
here.
I'm not sure how certificates would be involved in signing a PDF, but I imagine you'd need access to the private key when signing it. Anything that is encrypted with the private key can be decrypted with the public key and anything that is encrypted with the public key can be decrypted with the private key. However, something encrypted with the public key CANNOT be decrypted with the public key; same goes for the private key. At least, if memory serves me correctly.