Right. The decryption keys aren't on the blockchain until they are "published". If all publishers are compromised or shut off before that happens, the killcord project has been terminated.
Yeah, though finding them should be fairly hard, because all they will look like from a network traffic perspective should be a normal-ish Ethereum non-mining node, and no direct communication between owner and publisher should exist after initial setup. Anyone planning on using this for serious matters should make sure that their trusted publishers are hosted anonymously (as far as is possible) or so spread out jurisdictionally as to make attacking them all impractical.