That's a good point, but I'm not aware of any wallet software that would re-use an imported key as a change address. I understand this is a strong theoretical concern, but do wallets actually work this way - especially a wallet that a novice would use? Would you suggest another way for people to claim their tips, or is this risk just inherent to this project?
(It should go without saying, but I'm not interested in doing anything nefarious with stealing anyone's tips. I actually can't steal anyone's tips - the private keys are unrecoverable once a post is made. It's in my best interest to incentivize people to make more posts by ensuring they're able to get their tips any not stealing anything.)
In any case, I appreciate the scrutiny from a security standpoint, so thanks for bringing this up.
I know blockchain.info prompts users to "sweep the key" when they try to import; perhaps you should at least use that language until there exist better methods. I have definitely heard of users losing funds because an insecure key was used as a change address behind the scenes in their wallet software. It might be a better solution to keep the tips in your own wallet and create an interface for withdrawing to specified addresses; that way no user can accidentally leave an insecure key in their wallet.
Edit: You can also give users the option to specify their address when they create the post; that's probably the best solution.
