Arguably, it was flawed because the baking account and the consensus key are not really 2 accounts. They are not really a single account either, they are “one and a half accounts” sharing the same balance.
Instead, can we have the baking account and consensus account be 2 regular accounts?
Today, to register as a baker, you nominate your own address. In this new model, you designate a third address which you control. The key for this address becomes your consensus key, signing blocks and endorsements.
The bond is taken from the baking account and rewards are distributed to it. The consensus account should have a small balance to pay for fees, but this balance is not taken into account for stake calculation. The consensus account can interact with a smart contract just like any other account.
Today, the consensus key can spend the unbonded funds at stake. To preserve this property, in this new model, a special new operation in the protocol allows the consensus key to “steal” all unbonded funds from the baking account.
This model is much simpler to reason about and eliminates all edge cases listed in Nomadic’s blog post. If I am wrong, please explain.