I mean this is the same issue if someone gets your email password and downloads your mail? On nostr you just get a new key and update your nostr address, you could have the inbox relay(s) disable the account (prevent future auths from the key), maybe we could spec that. I mean i think this is already better than current email where noone expects any privacy or message security at all, obviously would prefer forward secrecy if a spec for that existed and isnt crazy complicated. Maybe there could be an upgrade path eventually