agreed.

I think we can leverage all these together.

to me the fact that facebook accommodates for social recovery within the paradigm of them actually owning your account, is very telling as to how acceptable it is as a flow and how robust it can be at not getting your account compromised

regardless, I think the pregeneration/HD key would be tremendously valuable as an addition to the alternatives you listed (with which I agree with).

If we were to roll this scheme now, allowing people to migrate pubkeys, I would imagine a vast number of existing users would leverage it (it's kinda OP_VAULT-y in that way)