Another question: suppose indeed some witness node(s) would be seized by another entity. Then that's still not the same thing as taking control over the controlling account. In other words, in case a node would be seized, the controlling account can still communicate / post about it, to let others know to unvote / disapprove for that specific witness. Or in other words: adding the ability to disapprove a witness, would conversely combat the exploitation of seized nodes.
True?
The idea would be to seize the node and add something to the witness software that changes consensus in one way or another. This might not be noticed by the witness at first. In this case we expect the attacker to be competent enough to hinder said witness from noticing/disclosing the situation. Say putting them in jail.