I don't think we need to baby customers too much, there is inherent hack risk in crypto, bitcoin is way more popular than Steem and has no such safeguards.
LOL. Because BTC is treated differently than STEEM and people have different expectations from it. I'm using my active key quite actively, because I know that the worst that can happen is maybe 1/13 of my Steem being poof. With 1 week or 4 weeks, the risk of me not seeing when a powerdown happens or when someone has access to my active authority (for whatever reason) is far higher.
however this will make the code for this HF more complex and we want to keep it light because of SMT complexity already, big risk adding complicated changes to this HF.
Keeping it light aka. making it easy is a quick way to add tech debt. If the correct approach is to add a dynamic period, where existing accounts also have to opt-into it, then that is the approach we have to take.