I agree with your concerns. I also agree that there should be another, better way. And there is — the private company retains the information and the private keys.
Only upon being served with a valid warrant does the private company itself, not the government, use the private key to decrypt the information, and then only the decrypted information, not the private key, is delivered by the private company in response to that specific warrant.
The mechanism is explained in more detail in my article: "Here’s How Apple CAN Make iPhones That Are BOTH Secure And Accessible By Search Warrant, And Why It Should Do That".