I think that changes with Taproot though, otherwise native multisig would not work. I suppose the mitigation would be to keep high value wallets on hashed public key addresses.
> I think that changes with Taproot though, otherwise native multisig would not work
Can you elaborate on this? AFAIK Taproot only makes it so you don't have to divulge the non-executed branches of code, but everything still uses hashes/ECDSA signatures so the threat model stays the same.