I think if we do not make a fatal mistake. then all will be fine. and do not fill in the parts of the request to provide a private key.
Indeed, it depends on the carefullness of the holder itself. If the holder take care of their privacy then in lessen the possibility of bejng scammed.