In his TOS is clearly emphasized, "No, you cannot deposit ERC-20 tokens to your ETH deposit addresses on your Kraken account."
https://support.kraken.com/hc/en-us/articles/360048128112therefore they have no obligation to do anything here. Also, they can't do anything with these tokens because that would be some kind of theft.
I agree that they should charge fees for fund recoveries.
Only for some big transactions maybe. Pretty sure they won't bother with something less than $1k since it is not going to worth their time. And users should be careful in the first place, so it's not exactly their problem too.
if they wanted to spend time on such things, they would not set such a deposit condition.
Also, I understand when they don't want to share private keys. I can imagine how many cases there would be with stolen PK, and it would be very difficult to prove who is to blame for it.