That's an excellent point. The only place the library has access to the private keys are during account creation and message signing. Perhaps I should implement both directly in the wallet so it's visible and clear to everyone.