Thank you @BumpyTale for the clarification!
Yes, resharing only re-splits the same validator key, so if old operators kept their shares they could still help reconstruct it. The protocol assumes they discard them, but that’s an operational risk, full revocation requires a new validator key.
Collusion risks
Please do not change more than 2 operators in a cluster. Each set of generated shares will always be valid when their signing threshold is met (e.g. 3/4). To reduce the risks, it is advised to not change more than 2 of the validator’s managing operators when changing its cluster.
There’s no easy fix to that other than a protocol-level change maybe something like adopting an advanced secret refresh protocols and aligning them with Ethereum’s validator key structure. Which is not (I believe) in the SSV roadmap.
That being said, the recommended Idea summary that @GBeast wrote about this Temp Check i.e. “Cluster Updates - Swap out operators for new operators seamlessly” can be removed in my opinion.