If someone gets access to the private key, then they have access to everything in that the backup runner can read, so they don't really need to decrypt things. There is the difference between access to history and access to a current snapshot, but I don't know how much that buys me. So I could drop the passphrase, or move the private key, but then I have another (small) backup problem. I know people here think about threat models and backups, so feel free to learn me good.
