I see what you mean now. Their past encrypted messages are leaked forever, that's a good point.

1. For memo keys I'll change the post title to "Compromised MEMO key detected"
2. I'll add some text in the post that says something like "review for sensitive info all the encrypted messages that you sent with the compromised memo key. Now they are all public forever.."
3. And following your thinking, it's probably better to not disclose their full account name in the "monthly" report.