It appears that all Tinyumbrella does when it gets the SHSH files from Apple is to report to apple that this ECID wants its keys (surely oversimplified)

So what's to stop a "super umbrella" from asking Apple for every possible SHSH file, maybe a distributed request, and cacheing them all away so that any phone can be downgraded?

that way, even new phones that come with 4.1 on them could possibly be downgraded.

Why not?