@kieran %5hqx6nqA1NBqfN+PEkQQ2KJ74FJGGXJYtUFcyJ5Xy3s=.sha256
Re: %XVS1gYKaq

Thanks @Dominic, I'm gonna brew on all your points.

I agree hugely that revoking trust / deleting shares is a big plus. It's one of the first things that people point out as a 'pitfall' of Dark Crystal: that you cannot revoke trust. Lives change, people change. So finding a solution to this is definitely a high priority for us.

Later, she wants to update the share - she sends a message to Bob: "please delete that share" and Bob deletes his ephemeral key. Now Bob can't decrypt that share anymore! So if an attacker gets a hold of Bob's device, they won't have that share either.

The implication in this scenario is that if, say, Bob does lose his device, then if he were to regain access to his identity under the Coconut Death scenario 1, the ephemeral key is no longer available (since it was stored locally on Bob's old device) and Bob can no longer decrypt the share, thus effectively invalidating Bob's share for Alice's secret. Technically speaking (rather than human), Alice no longer trusts Bob since he lost his identity, so Alice can no longer regain this share from Bob. Would it be possible in this scenario for Alice to basically then say, okay, you've got your identity back, I trust you again, I'll send you a new share? Some SSS implementations allow for adding a new share, though under what conditions I cannot recall right now, but I think you might have to have access to at least one already existing share, possibly the quorum.
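
An added illustration of the "new share" question above (not part of the original post and not Dark Crystal's code): in textbook Shamir secret sharing, any threshold-sized set of shares fixes the polynomial, so a quorum can compute a share at a new x-coordinate. The field modulus, function names and sample values are assumptions of this sketch.

```python
import secrets

P = 2**127 - 1  # prime field modulus (assumption; real deployments pick their own field)

def split(secret, threshold, xs):
    """Shares {x: f(x)} of a random polynomial of degree threshold-1 with f(0) = secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    return {x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P for x in xs}

def interpolate(shares, at):
    """Evaluate at x=`at` the unique lowest-degree polynomial through `shares`."""
    total = 0
    for xj, yj in shares.items():
        num = den = 1
        for xm in shares:
            if xm != xj:
                num = num * (at - xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total

def recover(shares):
    """Reconstruct the secret, i.e. the polynomial's value at x = 0."""
    return interpolate(shares, 0)

def issue_share(quorum, new_x):
    """A full quorum derives the share for a new x-coordinate on the same polynomial."""
    if new_x % P == 0 or new_x in quorum:
        raise ValueError("new_x must be non-zero and unused")
    return interpolate(quorum, new_x)

def pick(shares, *xs):
    """Select a subset of shares by x-coordinate."""
    return {x: shares[x] for x in xs}

if __name__ == "__main__":
    secret = secrets.randbelow(P)             # constructed sample secret
    shares = split(secret, 3, [1, 2, 3, 4])   # 3-of-4; x=2 stands for Bob's lost share
    new_bob = issue_share(pick(shares, 1, 3, 4), 5)
    # A share issued by a quorum combines with existing shares.
    print(recover({1: shares[1], 3: shares[3], 5: new_bob}) == secret)
    # Bob's old share (x=2) is still on the same polynomial and still combines.
    print(recover(pick(shares, 1, 2, 3)) == secret)
    # A "share" derived from only two shares does not lie on the polynomial.
    bogus = interpolate(pick(shares, 1, 3), 5)
    print(recover({1: shares[1], 4: shares[4], 5: bogus}) == secret)
```

A share issued this way sits on the same polynomial as the old ones, so Bob's old share stays valid if it ever resurfaces. Invalidating it takes a fresh split of the secret and deletion of the old shares by the custodians.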
