An account is a certifying authority for a module. Put another way, accounts are the issuers of module tokens. There is no enforced limit on the number of module tokens an account can issue. How many accounts you choose to use will depend on the type of security infrastructure you have and the kind of verification you do in your waSCC runtime hosts.
As mentioned earlier, waSCC does not have access to any secrets in order to perform verification. So, when you write code to add a security hook to your waSCC runtime host, you will have access to the
issuer field of the module’s token, which will correspond to the public key of an account.
Public keys of accounts (and any other entity generated through ed25519 nkeys) do not change so long as the private key does not change. This makes them a source of reliable and unique identity.