Well...
You can spend the extra "donations", because they are in a P2PKH address, that you DO have a private key to. The private key is the same for both P2PK and P2PKH "addresses" made from the same key.
Exactly my point, so why is it that nc50lc is saying (as I have some others claim as well):
You shouldn't derive the address based from that Public Key because the owner wont be able to spend it using the "P2PKH" script even if he has the private key.
Just wondering if I'm missing something here..