If I understood this correctly, you're saying that someone can decrypt your data if you use private key THEY generated. But who uses private keys obtained from untrusted sources?