I guess the "right way" to do this is to have some sort of PKI that authenticates twoots coming from an account and makes it possible to publish an account change announcement (or whatever the right terminology is for the Mastodon API) after a takeover has happened
which introduces its own headaches, to be sure, but if it's an optional feature then I don't think those issues are any worse than allowing each instance's sysadmins to run amok?
so beyond the Mastodon developers' apparent nonchalance re: user privacy, it also kinda grinds my gears that your identity is tied to a single instance
like, is there any barrier barring a sysadmin from completely taking over a user's account? it seems like that would be a pretty big security consideration for a federated social media platform 😐