I am coming from your response on the Ann. As I said, right now telling about multi-sig feature is a misinformation until it's implemented.

At the moment, with whirlwindmoney being the sole operator of the site, then they are in control of all 3 keys in a 3-of-3 multi-sig. This provides additional security against a single server being seized or infiltrated, but it still requires complete trust from the end user that whirlwindmoney won't scam them, as it would in a normal single-sig set up.

In the future with blinded bearer certificates and the involvement of other third parties, then presumably the best option in that scenario would be to migrate to a different multi-sig. Let's say they recruit nine other people to be signers for the blinded certificates. Maybe something like a 7-of-10 multi-sig would be the best in that case, which provides a good mix of security against some of the signers being dishonest as well as redundancy against some of the signers being taken offline, seized, infiltrated, etc.

We will try our best to migrate to the trustless version as soon as possible, it all depends on how fast we'll be able to find the right users for the multi-sig. Until then as you said funds are safe from external actors but we could scam anytime if we wanted.