The risk is reduced by starting with an empty keystore; when I have enough trust in a person, I add that person. When the trust is compromised, I remove the person. And before using my private key, I must enter a passphrase, as the private key is encrypted with this passphrase. In X.509, it gives me a keystore with lots of certificates that I may not be able to trust. How do I trust these certificates? I simply cannot: they could be fake, and there is no establishment of trust, especially if the keystore component is written by Microsoft. "Make a determination in your mind whether this key actually belongs to the person whom you think it belongs to, based on available evidence."