Well, my opinion, in a simplified form: Duplicacy has to ensure the security of the files stored in backup in the cloud / storage. The scenarios cited affect all my files, not just the Duplicacy keys, and are outside the scope of a backup tool.
If you have bad habits with passwords, there is nothing Duplicacy can do. Solution: use a password generator / manager.
Keep your most confidential files encrypted. I use VeraCrypt and AxCrypt. There are also Cryptomator and others. I travel a lot to work with my notebook; it can be stolen, etc.
Remember the “2” in the backup rule 3-2-1: 3 copies, 2 different technologies, at least 1 off site. Previously, “2” meant 2 media (HDD and DVD, for example). Today I use cloud and NAS. And specifically for the Duplicacy keys and some more sensitive files, I use another “technology”: Rclone. Even in the Duplicati forum topic, a user suggests using GPG and backing up the keys.
Perhaps something can be added to Duplicacy in terms of security, such as two-factor authentication. I don’t know the difficulty of implementing this, whether it would be a change in just some module or all the software would have to be rewritten.