That's actually a crucial question that needs to be resolved in order for digital signatures to be more widely adopted. If anyone can just revoke their key and claim a hacker break-in, then what good does it do to generate signatures to begin with?