Neither of these will work, because (a) the signing key is per-developer and (b) the entire point is that when your malware is found to be signed with key X, key X is revoked and your software no longer runs. That's the purpose of the system...
He's referring to the master key, which will be used to sign the per-developer signing keys. If that is stolen, then it will be possible to sign arbitrary signing keys and issue arbitrary revocation certificates.
And is, again, instantly revocable. It'll be annoying if it's stolen, but you just revoke it, give the company the new one, and update the app in the app store (or your download, if you're not in the store). This is arguably far better than being unknowingly hit by malware.
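The trust chain the three comments describe, as an added Go example that is not from the original thread: a master key endorses per-developer keys, developers sign binaries, and the loader's check refuses anything whose developer key has been revoked or whose certificate the currently trusted master did not issue. The certificate format, the developer IDs and the revoked-ID set are assumptions of this toy, not any real code-signing system's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// DevCert: a per-developer public key endorsed (signed) by the master key.
type DevCert struct {
	DevID     string
	DevPub    ed25519.PublicKey
	MasterSig []byte
}

// certBody binds the developer ID to its public key; this is what the master signs.
func certBody(id string, pub ed25519.PublicKey) []byte { return append([]byte("dev:"+id+":"), pub...) }

// IssueDevCert: the master key signs a developer's public key.
func IssueDevCert(master ed25519.PrivateKey, id string, devPub ed25519.PublicKey) DevCert {
	return DevCert{id, devPub, ed25519.Sign(master, certBody(id, devPub))}
}

// SignBinary: the developer key signs the binary (Ed25519 hashes the message internally).
func SignBinary(dev ed25519.PrivateKey, binary []byte) []byte { return ed25519.Sign(dev, binary) }

// Verify is the loader's decision: a revoked developer ID, a certificate not
// issued by the trusted master, or a bad binary signature each reject the binary.
func Verify(masterPub ed25519.PublicKey, revoked map[string]bool, c DevCert, binary, sig []byte) error {
	if revoked[c.DevID] {
		return fmt.Errorf("developer key %q is revoked", c.DevID)
	}
	if !ed25519.Verify(masterPub, certBody(c.DevID, c.DevPub), c.MasterSig) {
		return fmt.Errorf("certificate for %q not signed by the trusted master key", c.DevID)
	}
	if !ed25519.Verify(c.DevPub, binary, sig) {
		return fmt.Errorf("binary signature invalid")
	}
	return nil
}

func main() {
	masterPub, masterPriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	cert, bin := IssueDevCert(masterPriv, "dev-x", devPub), []byte("constructed sample binary")
	sig, revoked := SignBinary(devPriv, bin), map[string]bool{}
	fmt.Println("before revocation:", Verify(masterPub, revoked, cert, bin, sig)) // <nil>
	revoked["dev-x"] = true // key X found signing malware: revoke it
	fmt.Println("after revocation:", Verify(masterPub, revoked, cert, bin, sig))
}
```

Rotating the master (passing a new `masterPub` to `Verify`) has the effect the last comment describes: every certificate the old master issued stops validating until it is reissued under the new one.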