Key revocation and rotation is a solvable problem and is ultimately about authentication, regardless if a key is ever compromised! How do you know who is who? Do you remember their npub? Where do you save the name you have for their npub? Right now it is all just a list of pubkeys in a follow list (mostly).