Another topic I’d like to think through further is with regard to MetaMask’s snap system and if and how exactly it might improve the relationship between the account coordinator and the key manager. In that scenario, the account coordinator would ask for specific permissions to access different keys from the key manager. Does that mean that if the account coordinator is compromised the permissions it has on the various keys also become compromised?
If so maybe you actually wouldn’t want that kind of access from the AC?