The real question is: Why so many accounts need to restored from hack? (after the hack in the past)
Big part of the accounts are sold and then the seller is trying to get it back as he has the signed address in the list and claiming that the account was hacked. That's why there should be an "investigation" for each case.
Can we provide a mechanism that the Seller of an account will publicly announce that there is a new owner of his/her account?
(though I notice that Buyers of these accounts are always tagged as red trust)
The rule suggests that it is not illegal to sell an account (yet it is discouraged). At the very least, this can lessen the occurrence of the concern of selling of an account and getting it back using a signed address.