In your latest video, around 22:30, you talk about private keys being stored in plain text. Is there any safe and ethical way for this mod to safeguard those, if Mojang will not fix it for 1.19.1 release?

Is there any safe and ethical way for this mod to safeguard those, if Mojang will not fix it for 1.19.1 release?

Absolutely. We can just prevent the client from caching them, as so far there are no good reasons to do that in the first place.

Really, that simple? How would the client sign the messages for servers that require it then?

It will just get keypair from authentication services on every startup. It already does that when keypair is not yet cached, the only difference caching makes is that client doesn't have to communicate with authentication services to obtain those keys every time it loads.

What about temporary connection issues? Or would that be irrelevant as the client would launch to offline mode anyway?

Yeah, if you don't have connection on startup then you won't be able to authenticate and play on servers in the first place. Having warning about unsigned messages in singleplayer could be annoying, but mod already disables those by default.

This is no longer necessary as key caching was removed in pre-release 6.