Seems like clients don’t verify that signatures actually come from that hardcoded key (which they are definitely able to do). Until that is done clients are still vulnerable to a coordinator tagging attack.