Thanks. Will have a look. Personally, I treat nostr as a permanent internet public square (everything is open for all to see, including eventually DMs). And what I carry in my wallet in this square could get stolen. So I don't care about deleting stuff already on relays; I care about making sure that I and only I can broadcast to the network that my key should be considered forked to a new key. That seems like it ought to be doable.
Discussion
I think that's probably the right way to look at it, a sort of glass box but one that you own.
The key forking thing is hard. The best way may be to start off from scratch with the combo of both a virgin (secure) nsec and FROST bunker URL, created at the same time. You can get such a combo at njump.me via the join nostr thing.
Write that nsec down somewhere, store it in a few places, and never paste that nsec into anything. Nothing. Nowhere. Ever. Only use the FROST bunker URL with clients. And only come back to the nsec to create a new or revoke an old FROST URLs (those are disposable).
That way you'll never lose your account, some hacks your FROST URL, just revoke it, nothing about your npub needs to change.
Problem is FROST is in early stages, not a lot of clients support it. But it is the solution you're looking for by the sounds of it. This guy below gets it:
nevent1qvzqqqqqqypzpx8xhrzg2fzrs2kr89sz4x8c8svrsg8ptwy4z4unzdv9lfwy0kuyqqsdc20kcqqcns2c5cd6t5jvvgcg7slrqtkc6xv7k7vtyu9vhvkv06cjc04mr