Of course in MultiSig, it needs the "N" number of cosigners, not just one.
And the other cosigner's xpub and private keys are unrelated to each other, that unhardened derivation vulnerability isn't applicable to each cosigner's keys.
Thanks for the above. So, ultimately unhardened vs hardened doesn't matter a great deal in multisig?