well, if you talk about private SSH keys for Git operations and SSH/GPG keys for signing, then you'd better set up a passphrase on them, which GitHub strongly recommends. the passphrase will make it significantly harder to use the keys. so, as usual, It Depends (c)