Okay that is clear to me. Overall, that's a bigger security issue innit? All the power is focused on one single key instead of distributing it across different auth methods Am I missing something?