> I'm not sure this is actually important or useful; trusting someone not to double spend is a pretty binary thing
I think that's true if you assume that the instant provider list is based on a by hand created list of accepted instant providers. That's how VISA works now and that's why I was asking for an approach where the trusted_instant_providers list is scalable because that seems very dangerous.
Since you can detect when a double spend happens, the entire instant provider list could be automatically generated based on a 3rd party network that shares information between vendors and also monitors double spends. In that scenario, there is no hand written exclusive list of accepted instant providers. There is just a database of past history on all instant providers. That database can be used to give a confidence score for a specific instant provider for a given transaction amount. In this scenario, a new wallet company would be able to earn trust over time. If the list is made by hand, "Bitpay accepts Circle, Coinbase, and GreenAddress for instant transactions", then new wallet providers have to go around bribing Bitpay and the other large merchant transaction providers to get on their instant provider list.
Allowing more than one instant signature on a transaction is supposed to help avoid that scenario. For example, lets say I want to establish my own instant signature. I use a wallet that already has an accepted instant signature, but it also allows me to add my own instant signature. I do this so that I can start establishing trust in my own instant signature while relying on their instant signature.