The same way bitcoin handles it now. You empty the entire contents of the private key, and give the remainder to a different PUBLIC address in the same wallet. Then even if they get the private key, who cares, there's nothing left in that address.
Swing and a miss. Smartcards don't generally divulge keys (that's pretty much the whole point of them), and I said nothing about divulging keys being the issue.