Oops upon closer reading of the article and the comments here i see that the atproto standard does apparently allow for the above, at least to some degree. If there is indeed hierarchical support for the DIDs then you should be able to disavow any child identity from a master identity and leave no public uncertainty (ie the true owner of the key hereby disavows the following sub keys)

So if the worst case scenario presented in this article took place where a PDS was falsifying information and pretending to be you, you could presumably somehow revoke the child key that you provided to the PDS. I'll have to look more closely at this

You could even publish a signed selective retraction (delete the fake posts or mark them as fake) with proof that you control the key 1 level above the key that posted them