That's a good point, but I'm not aware of any wallet software that would re-use an imported key as a change address. I understand this is a strong theoretical concern, but do wallets actually work this way - especially a wallet that a novice would use? Would you suggest another way for people to claim their tips, or is this risk just inherent to this project?
(It should go without saying, but I'm not interested in doing anything nefarious with stealing anyone's tips. I actually can't steal anyone's tips - the private keys are unrecoverable once a post is made. It's in my best interest to incentivize people to make more posts by ensuring they're able to get their tips and not stealing anything.)
In any case, I appreciate the scrutiny from a security standpoint, so thanks for bringing this up.