Obviously we would completely purge any public keys for accounts with zero balance and with no aliases.
Is there any way this could lead to a Sybil attack?
Merchants may generate a unique address for each patron. Once the public keys are discarded, how easy would it be for an attacker to generate one for that address?