I vaguely remember someone saying that CAs(?) should release their private keys after their certs expire, since doing so allows anyone to generate fake content, thus making it plausibly deniable that any data under that old cert isn't useful to anyone as proof. It also gives an opportunity to get access to locked firmware / hardware that would otherwise go to trash.
