You're not wrong that there is indeed a significant issue, but the parent isn't wrong either. If the attacker already has a private key you've probably already lost the war. Yes there's a real issue there but by the time an attacker reaches it they're already in the castle's keep.
> the parent isn't wrong either... if the attacker already has a private key you've probably already lost the war.
When you lose your private key, you have lost the war to protect your identity - anyone else can now be you. But in a properly designed system, that should not also compromise the signer.
If I steal your license I can pretend to be you, but I can't make the government say you are 7 feet tall.
You may be making the point that a compromised keystore holding all users public keys may leak the signers private key at the same time it has leaked the victim's private key, but there are many ways the victim's private key can be leaked in most cryptosystems (eg, the victim's private key on their device may be stolen).