Yeah, I think continuous randomised shuffling (though restricted by deterministic constraints, ensuring each selected combination conforms to the IC Target Topology) is the only way to ensure that security improves as the IC scales (in terms of collusion resistance - which is the big issue).
Shuffling pushes this eventuality out over a huge time horizon, while also ensuring that it only occurs for a brief period of time. If you assume a single entity owns 10% of all nodes across the entire IC network, but that every node owned by them is under a separate fraudulent identity (or an entity that’s willing to collude with them), and they’re strategically located in different countries and data centres etc. Even then the probability that a 13 node subnet will be in a state that facilitates collusion (to the point of controlling the subnet) after a shuffle step is 0.1^9. If a shuffle step occurs daily, it would take many many thousands of years for a 24 hour collusion time windows to plausibly open up (by my back-of-the-envelope calculations). Also, shuffling doesn’t need to be a silver bullet, it just needs to be better than not shuffling.
There’s an interesting dicussion about this happening in the WaterNeuron community. @EpicICP just pointed me to a postcast that talks about this (it makes interesting listening).