Though in a case like this attackers would likely revoke (or publish) the private key.