For the problems of knowing who DMs who, the NIP-42 could possibly solve this. It would however require its impementation being mandatory for a relay, and require a user to be authenticated towards said relay in order for it to send the DMs back though. And for the wallet that gets hacked, I'd say... Don't use a client that doesn't support an extension to handle the keys (not sure though) ? Or a signer app (Again, not sure if that's the intended purpose, nor if they are widely supported 😅)