Thanks for the explanation on that attack vector, very helpful.
All public keys and attached addresses that the wallet can have + any comments you left in there.
At the risk of sounding really dumb, does the fact that the hacker can match the public key to the addresses in the wallet make a brute force attack on existing address balances more likely?