Contract classes, upgrades, and default accounts

When interacting with an address, if no contract instance has ever been deployed to it, then the protocol will use the code referenced by the identifier in the address itself.

It will be hard to check that no contract has been deployed without producing a nullifier. We can’t ask the users to prove it against the latest root. And this can’t be done in a sequencer because that will leak the user’s identity.

An attacker can then create a proof that refers to an old root when my account hasn’t been created or upgraded, and use that old (probably insecure, easily hackable) way to send a transaction on my behalf.

76 Likes
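
A toy model of the stale-root problem raised in the post above, added here as an illustration and not part of the original post or of any protocol's code. The `Ledger` class, the `class_id:owner` address format and the snapshot lookup that stands in for a non-membership proof are all assumptions.

```python
import hashlib

def default_class(address: str) -> str:
    # Assumption: the address embeds the identifier of its default code.
    return address.split(":")[0]

class Ledger:
    """Toy chain state: address -> deployed class, plus every historical root."""
    def __init__(self):
        self.deployed = {}
        self.history = {}            # root -> snapshot of `deployed` at that root
        self.latest = self._commit()

    def _commit(self) -> str:
        blob = repr(sorted(self.deployed.items())).encode()
        root = hashlib.sha256(blob).hexdigest()
        self.history[root] = dict(self.deployed)
        self.latest = root
        return root

    def deploy(self, address: str, class_id: str) -> str:
        self.deployed[address] = class_id
        return self._commit()

    def resolve(self, address: str, root: str, require_latest: bool) -> str:
        """Return the code class a transaction for `address` would run under."""
        if root not in self.history:
            raise ValueError("unknown root")
        if require_latest and root != self.latest:
            raise ValueError("stale root")
        state = self.history[root]   # stands in for a (non-)membership proof
        return state.get(address, default_class(address))

def demo():
    ledger = Ledger()
    addr = "default_v1:alice"        # constructed sample address
    old_root = ledger.latest         # root from before any deployment
    ledger.deploy(addr, "hardened_v2")
    # Any historical root accepted: the old default code is still selected.
    stale = ledger.resolve(addr, old_root, require_latest=False)
    fresh = ledger.resolve(addr, ledger.latest, require_latest=True)
    try:
        ledger.resolve(addr, old_root, require_latest=True)
        rejected = False
    except ValueError:
        rejected = True
    return stale, fresh, rejected
```

`demo()` shows that a check accepting any historical root still resolves the address to its default code after the upgrade, while pinning the check to the latest root rejects the old proof, which is the requirement the post says is hard to place on users.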