Is the above true? If an attacker were to randomly come across my private key, he can move the funds without requiring the origin keys that resulted in the multi sig?
I have never heard of a single case of anyone losing coins with a multisig setup to an attack like the one you mentioned, and I couldn't find any Reddit topic talking about this, so maybe you should post a link for us to see.
I know that the more co-signers you have in a multisig setup, the harder it will be for an attacker to steal your coins, and I don't see any real threat with this.
With the new Taproot addresses all transactions look the same, so there is no way you could know if a transaction is single-sig or multisig, but that is not the case with older address types.