Is there a reason that steemit wouldn't have a copy of our keys? They may have certain admin functions available they can do at any time without a complaining user verifying their master key. But for security reasons, they expect a complaining person to provide it as proof of ownership. They may have made an exception to needing proof because of the negative PR, and the obviousness of the phish.
As far as the account being blocked. Perhaps no one, except steemit, knows their new keys. So it may not be blocked, but near impossible to log in. Another thing is that certain activities may [also] be blocked from the steemit interface, but not necessarily other interfaces that interact with the blockchain outside of steemit-whatever those are.
That's not correct. Nobody at steemit should have access to our accounts without a copy of the private key. Otherwise it's not decentralized.