"Unauthorized payments" is a bug. It's an unfixable bug for which they've created a recovery system, but it's still a bug, because the system is not intrinsically secure.
"Steal your secret key" is not a valid analogy to a having a credit card number stolen. The information density of a secret key is orders of magnitude higher than credit card info, and that's why it has provable security properties that credit cards do not. Credit card info can in principle be brute forced where keys cannot.
"Steal your secret key" is not a valid analogy to a having a credit card number stolen. The information density of a secret key is orders of magnitude higher than credit card info, and that's why it has provable security properties that credit cards do not. Credit card info can in principle be brute forced where keys cannot.