Pos In The Event Of Compromised Seed

Discussion in 'Solo Mining' started by Shadowlance, Mar 27, 2016.

  1. Shadowlance

    Shadowlance Full Member

    This is just a thought experiment, but one that I think should have an answer in case it happens to someone in the future. Here's the scenario:

    Matt has a wallet with a number of tickets staked in PoS. Matt has just become aware that his wallet seed words have become known to someone else (by whatever method). Matt wisely creates a new wallet and transfers all available funds to the new wallet.

    How does he handle the tickets still in PoS? If he stops auto mining and locks the wallet, nothing will go out, but if someone else has the key words, are they able to override the passphrase? Or to put it another way, if someone else recreates the wallet from seed, will the network realize that the seed is protected by a passphrase? If not, does this mean that any funds in PoS are no longer secure, since there's no way to redirect existing ticket returns away from the compromised wallet? What options are available in this case?
     
    chappjc, ClokworkGremlin and David like this.
  2. David

    David Sr. Member

    The seed words would be the main concern here. The passphrase on the wallet is created during wallet generation, so it applies to a single wallet.db file only. If somebody somehow got a hold of Matt's wallet.db file (and not the seed words), Matt's passphrase should keep his funds safe. If somebody has your seed words, it's game over. Voting rewards from tickets that are live in the PoS Pool will eventually return to the wallet they came from, so it would be a race between Matt and the other person to send the funds out as soon as the tickets vote and funds become available.

    I don't know what options (if any) are available at this point, but this is a great question and I'm interested to hear other input!
     
    chappjc and Shadowlance like this.
  3. Kandiru

    Kandiru Member

    I was thinking about this too. You could presumably set your wallet up to vote and send a transaction to send the funds to your new wallet as soon as those votes are included in a block. Could you pre-generate that transaction and send it before the next block is even mined? It wouldn't be valid until the next block was issued, of course.
     
  4. ceejep

    ceejep Sr. Member
    Developer

    If the wallet is a totally hot wallet, that is, voting and payout addresses are from the same seed, then the theft of the seed allows the thief to attempt to steal the wallet rewards once the vote is generated. Tickets commit to payouts to a future address, which normally allows you to securely use a cold wallet.

    https://github.com/decred/dcrd/blob/master/blockchain/stake/staketx.go#L123-L139
    https://github.com/decred/dcrd/blob/master/blockchain/stake/staketx.go#L694-L719

    You cannot pre-generate a transaction spending the funds because you do not know the hash of the vote transaction. The hash of the vote transaction depends on the hash of the block it votes on, which should be impossible to know.

    The voting is also not secure for this wallet. The thief and the original owner would compete to bring their votes to the network. The votes themselves would still pay out to the original addresses specified in the ticket.
     
    David and chappjc like this.
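A check that follows from ceejep's point, added here as an example of my own (not code from the thread or from dcrd): decode each live ticket's commitment outputs and flag the tickets whose committed payout hash belongs to the compromised seed, since only those will pay the thief's wallet when they vote. The commitment layout used below (OP_RETURN OP_DATA_30, a 20-byte hash, an 8-byte little-endian amount whose top bit is the P2SH flag, then 2 bytes of fee limits) is my reading of the staketx.go lines linked above; the ticket ids and hash values are constructed.

```python
from typing import Dict, List, NamedTuple, Set, Tuple

OP_RETURN = 0x6A
OP_DATA_30 = 0x1E


class Commitment(NamedTuple):
    hash160: bytes   # 20-byte pubkey hash or script hash the vote must pay to
    amount: int      # atoms committed by this input (bounds the vote payout)
    is_p2sh: bool    # top bit of the amount field marks a script-hash payout


def parse_commitment(pk_script: bytes) -> Commitment:
    """Decode one SStx commitment output script (layout assumed, see lead-in):
    OP_RETURN OP_DATA_30 <20-byte hash><8-byte LE amount, bit 63 = P2SH><2-byte fee limits>."""
    if len(pk_script) != 32 or pk_script[0] != OP_RETURN or pk_script[1] != OP_DATA_30:
        raise ValueError("not a ticket commitment script")
    body = pk_script[2:]
    raw_amount = int.from_bytes(body[20:28], "little")
    # Fee limits in body[28:30] are not needed for this check.
    return Commitment(body[:20], raw_amount & ~(1 << 63), bool(raw_amount >> 63))


def build_commitment(hash20: bytes, amount: int, is_p2sh: bool = False) -> bytes:
    """Constructed helper: build a commitment script for the sample tickets."""
    flagged = amount | ((1 << 63) if is_p2sh else 0)
    return bytes([OP_RETURN, OP_DATA_30]) + hash20 + flagged.to_bytes(8, "little") + b"\x00\x00"


def exposed_payouts(tickets: Dict[str, List[bytes]],
                    compromised: Set[bytes]) -> List[Tuple[str, Commitment]]:
    """Return (ticket id, commitment) pairs whose payout hash is controlled by the
    compromised seed. Tickets whose payout goes to a separate cold seed are not
    listed: their vote rewards never touch the compromised wallet."""
    hits = []
    for ticket_id, scripts in tickets.items():
        for script in scripts:
            c = parse_commitment(script)
            if c.hash160 in compromised:
                hits.append((ticket_id, c))
    return hits


# Constructed sample data: one hot ticket paying back to the leaked seed, one
# ticket that commits its payout to an address from a separate cold seed.
HOT_HASH = bytes.fromhex("11" * 20)    # constructed hash160 from the compromised seed
COLD_HASH = bytes.fromhex("22" * 20)   # constructed hash160 from the cold seed
SAMPLE_TICKETS = {
    "ticket-a": [build_commitment(HOT_HASH, 5_000_000_000)],
    "ticket-b": [build_commitment(COLD_HASH, 5_000_000_000, is_p2sh=True)],
}
```

Running `exposed_payouts(SAMPLE_TICKETS, {HOT_HASH})` lists only ticket-a; those are the tickets whose rewards must be swept the moment they vote, while ticket-b's payout is already out of the thief's reach.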