Hey Andrew its Justin, it was great meeting you at the TQ event last year.
I think this depends on ones view.
If you think Tezos should remain a secure chain - one worthy of being a monetary instrument - then security is paramount. If the view is more around STO or just game use cases then security can be traded for convenience.
I’d put the monetary instrument valuation well over 100 billion marketcap, over seven years. I don’t know how to evaluate an STO/game database, it cant be worth much.
Bakers need the ability to change their key in the event of suspected comprise. Even though this too is a security trade off. Because it enables secondary markets, where bakers can sell their delegates to another baker. This makes reasoning about a 51% attack more difficult. Yet I support bakers being able to change their keys. Notice Adrian and Awa never mention this obvious risk. Nor do they do analysis on it, as any core developer proposing it should.
The primary reason that bakers secure their nodes is the bounty the node has attached to its key, not slashing. This bounty is the reason every baker obsesses about security and so secures their node.
Bakers are unlikely to obsess about some remote chance a hacker takes the time to swipe their non-spendable consensus key and gets them slashed for lulz. Many will leave the key on the disk rather than hardware wallets, over time. Which greatly undermines the security of the network. Because state actors and rival chains would be the hacker exceptions. This would take years to play out but fatal if it occurs.
Notice again, that Adrian and Awa do not do analysis on their new network security model which removes the key bounty in favor of only slashing risk. Any core developer proposing large security trade offs should have analysis supporting their new model.
Another point if you’re serious about slashing risk being the necessary incentive to secure the chain you can make a strong argument for in-protocol lending (bonding pools/self-bonding) as Awa has previously.
Overall bakers need the ability to change their keys. Yet removing the key bounty, and going to an only slashing model for securing nodes makes zero sense from a network security prospective. Because the key bounty is the primary incentive to secure the node, not slashing. Moving to non-spendable consensus keys is trading momentary convenience for future catastrophic risk.
I think the way forward is to make the consensus key spendable. Or someone implements a native solution to just change the existing key, easy.