I’m less concerned about the cost than about awareness. Users know what wallet they use, so if a vulnerability is discovered they are likely to switch. And if they switched regardless, before a vulnerability has been discovered, they don’t need to care about the security of a wallet they no longer use.
With invokers it’s different. Users must keep track of any invoker they ever used, even just once. And if one of them is deemed unsafe at some point, move everything to a new EOA. Keeping track of the wallet you use seems much easier than keeping track of all past invokers.
Users won’t do it, so it becomes the responsibility of the wallet maintainer to keep track and warn the user to switch EOA immediately if a previously-used invoker is found to be buggy or malicious. If I were a wallet maintainer, I wouldn’t want to be responsible for tracking the security of any 3rd party invoker I whitelisted, and tracking which user has signed such AUTH. I don’t know how I’d be able to reach all these users because they may be inactive for months and are still immediately vulnerable due to this past AUTH.
It might lead to wallets refusing to whitelist any 3rd party invoker, and only using their own. That would diminish the value of EIP 3074 much more than restricting the invoker to signed transactions, and actually prevent many use cases.
Another concern with needing to switch EOA due to a bug in any of the invokers previously used is that sometimes you just can’t switch because you hold a non-transferable asset. For example, suppose I hold tokens I received from various projects with a vesting contract. I can’t change the recipient in the vesting contract so I need to wait a few years for full vesting.
I have the same concern with Gnosis Safe but at least my exposure is limited to one contract, and it’s a proxy so I can upgrade the implementation to fix the bug in-place. If instead I used multiple invokers in the past, and then a bug is discovered in just one of them, I lose all my unvested tokens.
Hopefully devcon.