Yes, that's a correct enumeration of risks. In sum, there's no privacy risk, IF the only compromised key is the Posting one.
A caveat though: you said "they could send encrypted messages as you" — however, sending messages AS YOU in any meaningful way would require that your adversary knows who you have been communicating with. Keep in mind that it is impossible to infer the addressee of a message sent with Hive-Mail, unless you are the addressee himself and have ALL the required private keys (Memo AND Post-Quantum) to decrypt the message. Not even the sender can decrypt a message, after it's sent. That's intentional, that's a feature, I built it like this on purpose.
RE: Introducing Hive-Mail, a new, quantum-resistant messaging protocol on Hive