If someone gets access to the private key, then they have access to everything in that the backup runner can read, so they don't really need to decrypt things. There is the difference between access to history and access to a current snapshot, but I don't know how much that buys me. So I could drop the passphrase, or move the private key, but then I have another (small) backup problem. I know people here think about threat models and backups, so feel free to learn me good.
@bremner I'd caution against making it too difficult for yourself when it comes time to restore. Having lost access to backups because I was too concerned about threats that had no real bearing on my life, I'm now of the opinion that the small risk of an unknown motivated attacker who happens to even understand the backup strategy is much less than the large risk of not being able to recover.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!