I’m a novice myself, so don’t expect an accurate and technical answer. My understanding is that the argument basically boils down to “claim versus veracity” on any vulnerabilities or compromises in the key.
How do you know there aren’t significant security vulnerabilities in the key, or that there aren’t backdoors?
The open source community have some excellent security experts who can check and let us know if all is good, or if something is off.
I know that not many here are computer savvy, but I use qpdf and ocrmypdf in tandem to strip and rewrite metadata from PDF files and store them in PDF Type-A format.
https://en.m.wikipedia.org/wiki/QPDF
https://ocrmypdf.readthedocs.io/en/latest/index.html