@magicians. I've been in the tech industry for over 20 years, working with critical infrastructure and focusing on scaling and high availability. It is a necessity that you have a disaster recovery and business continuity plan. I don't see this in the current staking design, as all the value, leverage, money, stake, however you want to call it, is dependent on one withdrawal address (wallet). Every good Authentication/Access Management solution has a fail-safe; usually, when decentralized, it utilizes an alternate authentication method or recovery codes. Therefore, I fully agree that in our case, defining an additional address (maybe just for stake withdrawals) makes a lot of sense to mitigate the potential risk of losing everything.
Since staking is ideally a long-term commitment, the likelihood of a wallet becoming compromised over time is not negligible. An additional (backup) address could be added in the same manner as the 0x1 withdrawal address was configured previously, which would similarly require access to the validator credentials.
This approach should not introduce any additional security concerns. Perhaps @yorickdowne or someone else more closely involved with the actual implementation may have thoughts or comments on this.