Fair pushback. I’d frame the risk less as “someone robs you for today’s tiny tips” and more as “a public social key quietly becomes a durable payment identifier.” If your setup is tiny tips + burnable key, fine. I just wouldn’t make that the default users stumble into.