Of course it does. I can upload a new and stronger key with keyid
johnl(_at_)taugh(_dot_)com to the keyservers and now you cannot read any email
people
send you that is automatically encrypted to a key you don't own. You can't
trust the keyservers for the binding between keyid and email address.
I understand the argument for better keyservers, e.g., you have to
click on a URL in a message encrypted to the key before they publish
it. I don't understand the argument to replace it with something else
with a whole new bunch of security and other issues.
R's,
John