Hey,

You need some peers to provide some sort of geographical diversification and more uncertainty as well as a multisig structure.

Regarding the second paragraph, say you have a multisig.

  1. Say, at best, the keys are distributed among 3 persons (compared to you holding keys in different locations).
  2. Now, I want to attack you. I put a gun to your head. You tell me it's a multisig. I say (worst case): give me the descriptor so I can examine your claim.
  3. You provide that. I say: now sign this PSBT and then take me to your friends (if I have not identified them before).
  4. You do as I say, and I coerce them to sign as well, for I have the gun.

The thing here is that the act of signing is very predictable. I put you under duress and I know the signing flow and that's all.

Now consider using Boomerang.

  1. You come to me with a gun. I tell you my bitcoins are in a Boomerang. You demand proof and I provide the descriptor, which looks like a Boomerang descriptor.
  2. You force me into calling others and convincing them to do as I want, or you just capture them and put them under duress as well.
  3. Now what are you facing? We are all cooperative. But neither you nor we know how much time it takes to sign the transaction of your choice. It may take 6 months or 1 year (note that this is for low-velocity reserves or fallbacks and not for day-to-day expenditure). On top of that, all of us peers can signal duress during this withdrawal ceremony, and you won't know whether we have done so, for nothing whatsoever changes after a positive duress signal, except that the trusted entity knows we are under duress.

Put yourself in the shoes of an attacker. Would your first choice of victim be those that have a setup that takes uncertain time to withdraw and has undetectable duress signals built in the withdrawal ceremony itself?

101 sats \ 2 replies \ @OT 14 Feb

Ok, but the trade off is that if you need to spend some of those sats you may have to wait up to 6-12 months right?

I think most of these kinds of attackers would be aiming for the lowest-hanging fruit: bitcoin on an exchange, single sig, etc.

Boomerang may be a better way for very wealthy bitcoiners to secure their stash. I think they had better understand the tech well before using it.

reply

Yes, you are right. It is indeed for high-value, very low-velocity bitcoins under high threat. This current design does not suit common retail holdings of bitcoin.

reply

It can also be used as a fallback for Revault and Ajolote, which are deleted-key covenant structures. As such, that security-accessibility compromise is way more justified, for you go to the fallback in those settings when your vault is already compromised.

reply