Farcaster Devs

Question about Farcaster app signer keys:

Why do app signer keys need to be signed by the secret key associated with the custody address? 

Keeping this key hot feels like an unnecessary risk, since the custody address should ideally have a colder posture (esp. for businesses)

I understand from the docs (https://docs.farcaster.xyz/reference/warpcast/signer-requests) that we need some way to link the app FID to users' signer keys for app-level attribution

But ideally the app could add a connected address that is dedicated to signing signers and have that mnemonic in the app env, rather than the custody address mnemonic

App signer keys need to be signed by the secret key associated with the custody address for security and attribution purposes. It may be a risk to keep this key hot, but it is necessary for proper functioning of the app