This discussion, although a bit of a digression, is very interesting to me in relation to some projects I am currently working on.
What’s your understanding of the potential for ID theft and a resultant theft of PKI Public AND Private Keys?
Two ways. Someone hacks your PC and obtains your private key and masquerades as you. I haven't heard of that happening mainly because the private key is encrypted and only decrypted by the application using it (e.g. the email client) upon your approval (you get a dialog asking for use of the private key.
Second possibility is ID theft via a certificate request. Instead of you creating a private key in your browser and sending the cert request to be signed, someone else generates a private and cert request pretending to be you. The way we get around it at work is that the new cert request corresponding to the new private key is signed with the prior private key which only you have access to. There's an initial problem of vouching for a new employee, but there are out-of-band ways to verify identity.
The registration problem is quite common across all ID systems. For example, how to you verify who someone is when they sign up as a voter (never mind looking for duplicates, checking for citizenship, etc). It's very easy to check IDs when someone votes and then look them up on the voter list. It's very hard to make an accurate list.