Thinking about it here, if there was a way to keep, during the creation of a new key, the peers that would be the certifiers of this key, a scammer could not try to circumvent the process because he would have to convince the peers originally defined during the creation process of the key itself. The risk would be for those who have not yet done this (current transition process) or for those who skip this stage of the process. This way, the user can even create certification identities to be used as "recovery emails". An attacker, to steal a key, would have to steal several, if the user decided to certify his key himself with his own certification accounts, or convince friends of the attacked user, if he delegated this work to real accounts.
This way, it would be safer to have your own certifying accounts. But as a last resort, friends are defined at the beginning of the account creation process. In the first case, he must keep these certification accounts safe to use in a recovery. In the case of indicating real people, the process described above takes into account the extreme case of the subject not having created certifying accounts, or losing these keys.