Checkpoints are a temporary measure that we're going to get away from eventually, so we're just doing the best we can with something we'll be stuck with for the next few years:)
Well duh, my bad. If it verifies checkpoints then only the checkpoints need to be signed
Furthermore, even after abstracting, there is still going to be a file on the disk, even if that is a compact DB.
Finally, 'next few years' seems like a lot of checkpoints to me to be doing them manually.
But I understand there are other complexities involved with key management, so there definitely is a trade-off here.