Top three:

- use a different protocol than LNURL, or at least make it backeward compatible w. LNURL

- do not keep state on the reciever (instead, push from sender when payment is done)

- make it less about sats and more about PoW (cannot be fakked, cannot be wash-zapped, can be bought w. sats for low power devices where PoW is unfeasable)

1 and 2 will soon be technically trivial, with LN SDKs making it easier for apps to natively integrate LN (access to preimage, LNURL primitives, etc -- without switching apps).