Wouldn't it need some form of split key to authorize? Like the alert that was removed, but requiring multiple parties to sign off. And yes, 51% could compile code that has a known key that could be exploited, but that would generate a hard fork if used.