All of which misses the point. If a client is compromised, an attacker can use its credentials to request any key he wants from the KMS.