TRUST, BUT VERIFY
Public Key Cryptography always seems a little like magic when you first hear about it, and this article is unlikely to demystify it any, but one (ahem) key point is that public keys should be as public and widely known as possible. We’re not jeopardising Mint’s security by printing their public key here because knowing that won’t help anyone deduce any information about their private key. If anything, we’re helping them by making it more available (albeit in frustratingly hard-to-transcribe paper form). If an adversary tricks you into thinking a public key under their control belongs to someone else (or you blindly trust a key from a forum post), then they can use it to imitate that person. All signatures will check out fine and you might end up divulging your most secret knowledge. Hence the old adage: trust, but verify.
Analogously, though easier to fathom, private keys must be kept private. When you generate them you can opt to generate a revocation certificate as well. That way if a key is compromised, you can revoke the corresponding public key from Keybase or other directories. It’s the equivalent of declaring your password lost. There’s a reasonable privacy concern about the email address embedded in a public key. You don’t have to put a real address here: it doesn’t limit which email addresses you can use the key to correspond from. But if your email address is public anyway, then having it match your public key makes things seem more official.