I very much wonder if this obvious oversight was intentionally left unaddressed in order to create a requirement on proprietary sync/backup solutions and make true security more difficult (since the key material is now being synced around and could technically leak or be subject to "lawful intercept" or bruteforce of the sync service's authentication).