I’m a novice myself, so don’t expect an accurate and technical answer. My understanding is that the argument basically boils down to “claim versus veracity” on any vulnerabilities or compromises in the key.

How do you know there aren’t significant security vulnerabilities in the key, or that there aren’t backdoors?

The open source community have some excellent security experts who can check and let us know if all is good, or if something is off.

I don’t expect my potential collaborators and clients to make an account with username and passwords just to view my relevant details and works.

Or have I not understood your suggestion correctly?