Ah right, my understanding is that even if the node were birthed in the enclave the bitcoin would return to on-chain in case of force close. If the node is destroyed before a force close event can be sent, and also no backup was obtained (a problematic setup in itself), then I think any of the destroyed node's past outside peers can still initiate the force close and the bitcoin is still released on-chain. And the malicious operator would be behind one of those peers. I have to defer to a lighting dev on this, but the gist of my understanding is that the operator in this scenario is always going to have *some* way to access the bitcoin on-chain if the node is destroyed. Who here would be good to ask this I wonder?