It sounds absolutely fantastic - it also sounds incredibly difficult to fully test and implement. But that doesn't stop me from looking forward to a day where this type of contract can be realized.
Earlier today I was reading the discussion happening around #240 and was eager to learn more of what was to come. I'm sure discussions have happened around this topic someplace, I've just never been exposed to the directions that were possible.
So with that being said, great job and thank you for the insights!
My only concern really was this:
Those who do not want to worry about this potential vulnerability could disable it and take on the responsibility of ensuring their password/keys are never lost as they do today.
I don't think it should be something users have to disable, I would want it to be a feature that isn't enabled until I choose to do it. Contracts like these should be as optional as possible, as personally I believe everything on the Internet should be.
The stance on opt-in vs opt-out does put a damper on this features ability to recover lost accounts. What I'd recommend here is that if the plan is to enable it by default, only do so on accounts that haven't already proven their activity over X time.
If I was logged in last week, I don't want this turned on by default on my account :)