I don't have anything meaningful to add to the discussion, but just wanted to say "Thanks!" to you, and the work that the Beam people have done to try and keep things as secure as they can. It'll never be perfect, but doing that work is important, and if it's done correctly the end user doesn't even know you did anything at all.
It's also really good to hear such an open and direct description of how things were/are, too. Clarity defeats the risks around obscurity of the unknowns. When the general public is given more info to work off of, they have a better idea of where the risks are, and how they can defend from, or if they are malicious - attack from, accordingly. The sharing of that information simply works to define what the areas of concern are for everyone involved.