I was thinking in the context of nips 41 and 109, and around how to improve key safety. Imo master key should never touch a mobile device - if you don’t let the master key touch a mobile device or other low trust environment, but you do let a child key, then if you expose your xpub, it undermines the whole security model of having a well protected master key.