Indeed. You own your keys but it comes with great responsibility and risk (fire, floods, loss, theft, etc).
In this case the account is new so they can just reset their keys and nothing is lost but if it was an account that encrypted messages with their memo key those messages would now be public forever..