Okay, so it's an attack vector but one that can be mitigated against by implementing redundancy.

I would argue that Lightning's biggest security issue is having to store your private keys on an Internet connected device. I don't know if further improvements can be made in this area, for example allowing for some kind of 2FA, like multi-sig on the base layer.