[JumpCrisscross]

> a criminal kidnaps 10 people, then steals an orb, and uses those 10 iriscodes to register 10 new credentials on the network

This is a lot of work. Just steal the iriscodes. If they're used for re-issuance, they're being stored and transferred. If they are not directly used, there is a hash-like reduction that can be exploited.

For sake of argument, though, let's assume perfect security. Infallible security. All the way through. Congratulations, you've turned every pair of eyeballs into an oil spigot. When the Taliban or ISIS carves through a town, instead of beheading the leaders and taking their treasures, they take everyones' irises. Every authoritarian state would require scans of its citizens so payment could be routed through (read: stolen by) it, a requirement they would back up with violence.