This idea looks very promising! I'm keeping my fingers crossed for your project :)
With this system, utopian.io couldn't be attacked.
Utopian used users' keys for offline access in order to modify the article structure on behalf of the author. This is not possible using your browser extension.
Yes, you are right. I think no one should ever have access to your account. In my opinion, Utopian shouldn't have the possibility to make these changes. If they need some additional information for internal processing, this information could be added, for example, in the comment.
@mys, if you want to know more about how my solution works, I released a YouTube tutorial:
It is also mentioned in the next pull request and in the project documentation.