Ens is a digital avatar, if not the digital identity. It should be possible to prevent theft of ens which can be disastrous (identity theft and potential loss of business).
To prevent this, it should be possible for me to indicate (an optional) transfer wallet address for my ens in ens records section (screenshot below). If filled, the only movement that ens can do is move to the whitelist address. Also, such ens names can be shown as not for sale/transfer in Market places which can read metadata.
This mechanism will give a lot of people confidence to use their grail ENS in daily use and increase adoption.
It’s not fool proof since transfer wallet can also be compromised but that’s a very very rare event to loose 2 keys simultaneously.
A time lock can ensure that the transfer wallet edits can take effect only after expiry 24 / 48 hours/xyz blocks. We already do such time checks during ens registration to avoid collision.