With podcasting, pirating a feed has always been possible. Although that should be addressed, the problem I'm thinking about isn't pirating so much as it's redundancy. If you, me, and Spencer all had servers, I want to host yours and his feed as well as my own as a backup, and you guys do the same for me. I'm trying to think of a way that I can prove to your server that it's me that's actually requesting the feed update, and not someone else. Perhaps the way to do it isn't the signature in the feed, but I encode the whole feed, sign it, then send it to your server. I'm in your list of approved npubs, so you verify it's me, decode the feed and replace the old one.