Depends on the intentions of the attacker

If the intention is trolling, then yes, they could send spam from the account. If the intention is identity theft, then they would merely attempt to redirect subscribers (without any supporting evidence).

I disagree with the nuke functionality being dependent on merely one key. It would be better if a nuke function involved *two* private keys, so that the account owner can decide when to nuke the account. If 1/2 keys was unused then it wouldn't likely be compromised.