Okay, so this isn't actually implemented yet, but my idea is that if you observe a fork, you broadcast that as a proof that the feed it compromised, any everyone stops replicating the feed. So a compromise can kill a feed. For messages that where in the original feed, and have replies on unforked feeds so you can still securely identify those messages via the hash. This way, if someone gets your private key, well, they can break your feed, or extend it, but then you can break it.