This treasury is a 2-of-3 multisig: any transaction needs at least two of the three keyholders to sign. Try to send funds, see what happens with too few signatures — then simulate a stolen key and watch the funds stay safe.
Sign with keyholders and try to execute. A single key — even a stolen one — can’t move the funds alone.
Multisig turns a single point of failure into a committee. Stealing one key buys an attacker nothing.
Jan Erik Meidell