That just lets you see the contract. The decryption keys by necessity can't be located on the Etherium chain at all and have to be held by a trusted 3rd party/system that watches the contract and releases the keys when the checkin doesn't happen. If the attacker is able to locate and disable that system then the killcord is essentially diffused the owner would have to manually publish or have setup backups.
Right. The decryption keys aren't on the blockchain until they are "published". If all publishers are compromised or shut off before that happens, the killcord project has been terminated.
Yeah, though finding them should be fairly hard because all they will look like from a network traffic perspective should be a normal-ish etherium non mining node and no direct communication between owner and publisher should exist after initial setup. Anyone planning on using this for serious matters should make sure that their trusted publishers are hosted anonymously (as far as is possible) or so spread out jurisdictionally to make attacking them all impractical.
