It's a good one. And yeah, huge tradeoffs, with a really interesting spectrum. For example, if you try to protect your privacy by using one-off keys for every website, you've just re-created single-use logins, but with no password recovery. We have to come up with a framework for when to generate a new key, when to re-use one, and which key to re-use — then of course make software that helps users manage that complexity.