Right. It's possible to conceive of a rollup, particularly a zk-rollup, without anything like a master key. But current rollups do have those keys. ZK-sync for example has two, one used mostly used for upgrading the smart contract that has a 14-day withdrawal delay (or something like that) and one for use in case of emergency that has no withdrawal delay. If the second were compromised, it would lead to all the money stored in the rollup being stolen. But there's no reason in principle that either of these are necessary.
ZK-rollups are awesome because they don't introduce any trust assumptions (except for the master key issue, which is just an implementation detail). The only risk is current zk-rollup designs is that they could censor certain transactions by never including them in a "batch" (the rollup equivalent of a block), but with unpermissioned rollups like the one I think Polygon has even this issue is mitigated
ZK-rollups are awesome because they don't introduce any trust assumptions (except for the master key issue, which is just an implementation detail). The only risk is current zk-rollup designs is that they could censor certain transactions by never including them in a "batch" (the rollup equivalent of a block), but with unpermissioned rollups like the one I think Polygon has even this issue is mitigated