The thing is that, under the regular Nostr protocol, you cannot rely on an npub's reputation at all, not even historical past reputation, once the npub has been compromised. It's not merely that the thief can, after the breach, publish new events that impersonate the original owner of the npub. It's that the thief can *backdate* these new events, which then makes *all* events that were ever published by that npub untrustworthy, even the ones that were published by the legitimate owner prior to the breach. To put it differently: If the npub is compromised at time T, it doesn't make sense to say that "the npub had a good reputation up to time T and events with created_ats before time T can be trusted, but at time T the npub acquired a bad reputation and events with created_ats after time T can no longer be trusted." Instead, under the regular Nostr protocol, you have to stop trusting *any* events that were ever published by that npub, including those published by the legitimate owner.