Well it's really not an identity, but an alias, a pseudonym. A domain owner or DNS could a) steal your alias or b) erase it. In case b) you just set another alias, but case a) might be a bigger problem - people could try to impersonate you and scam others.

I've seen people in Nostr design telegram group proposing visual markers on avatars that depend on pubkeys so that users would notice a different pubkey impersonating a familiar one. Haven't seen that implemented anywhere yet though