And maybe if they'd tried to be clever, with custom "high-security" key-generation/key-splitting tricks, but actually wound up being stupid, without good records of public-addresses... then reconstructing the public-addresses for lookup could be just as hard as reconstructing the private-keys.

Of course we're in wild-speculation territory but it's an interesting creative extreme-scenario exercise.