Generate BIP39 mnemonic, use that as seed to derive m/44'/145'/x' where x' is the service. Forget the root master and use the Memo pass to encrypt the XPRV of this account.
Love MIP 4 and 5. Keep up the good work!
If the parent key was never used for memo, and the memo.cash website itself generated child keys, then at configurable threshold sent to parent keys, you could minimize risk.
