I think we could make it so the possibility of these entities colluding is small and then tradeoff is reasonable for most people (but not for all, of course) -- the alternative of trusting a single provider to hold absolute power over your entire identity, like x.com, is far worse.

I don't get what you mean by "various kinds of delegation or setup with the initial key". What do you have in mind there?