The weak link in my model would be where a system design uses weak/stupid OPsec. For instance, they stupidly keep a staked wallet online and, worse, they don't encrypt their SEED since they don't use the wallet for transactions. Not thinking, when someone hacks their computer and the seed is visible they can create the same wallet and then sign accounts on the hacked username here. I know this is BTC-101, but if your seed is stolen so is your ID where address signing is used. I know you are familiar with this, but it's the weak link.
I place great deference to signed BTC addresses. If I see a member did things correctly and if they can sign again while I am dealing with them via PM or wherever, I will accept that. I spread TRUST sparingly but you have to use tools to help you. It's good enough for me!
I get you. Would another layer of opsec like PGP signing make things better?
We have to account for the fact that people save important info on their computers that they shouldn't. It's pretty hard to be foolproof as far as I understand it.