Sounds good. I think it makes sense now. The only issue is trusting the operator and yes this is a good approach to limit the damage. It's the same with business accounts: How do you give an account key to a s staff and invest in it if at all? Powering down after every 500 steem power is a good option