Private key is not needed sometimes. Evidence is just some bytes + signature. So attacker is going to find any signed byte sequence of needed length in the history to re-publish it as "evidence". Ok, bytes are height+hash(as in Tendermint paper), so height could be checked, so not every message is appropriate. But you can't verify hash.
In my proposal all the pools will sign each and every block. All the pool signatures will be included in each block (this is different from Tendermint which only saves hashes of old signatures to save space). No evidence can be faked as a result.
3. Ok, we'll get 2-3 pools signing all the blocks. It would be centralized as hell system. What's the decentralization incentive?
It is still decentralized. An individual miner who is not a pool owner can still participate by watching for attacks and leave or join the pools. The miners are just taking different roles. The system is so designed that when a pool behaves badly the interest of the joining miners will be harmed and this will drive the miners away to other pools.
The purpose of pools is to detect N@S double-voting. It is not possible to detect double-voting without major stakes in each and every block. The total number of pools can be controlled - see the details. I am not sure what is the optimum number of pools but 2-3 pools is definitely not decentralized enough. The number of pools should be a balance between efficiency (network traffic and block size) and security. POR pools are no different than Bitcoin hash pools. I don't think Bitcoin hash pools turned it into a centralized system. Actually Pools will help improve PoS to get more reliable and scalable in transaction volume, as hash rate in Bitcoin get improved. There is an incentive to become a pool owner.