Pros and cons of 90-day certificate lifetimes

Major changes will be announced to subscribers via email, that’s why those addresses are being collected (plus expiration mails, of course). Protocol changes are always done with backwards compatibility in mind - new ACME versions, for example, will run on a new API endpoint.

Regarding key rollover, I agree that this can be problematic. The nice bit about ACME is that all these things are first-party components of the protocol - issuer certificates are part of it, and there is even support for multiple issuer certificates so that clients can pick the one they think works best, or just serve all of them. The Integration Guide has a section called “Plan for Change” which captures this sentiment quite nicely.

There are always going to be things that break in unexpected ways (like the Windows bug that was triggered when the issuer certificate was changed), but as a whole the ecosystem should become more stable and reliable as a result of this. There are a lot of parallels to the DevOps vs. traditional sysadmin discussion, I think.

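One way a client can act on the multiple-issuer-certificate point made above, as an added example that is not from the original post or from any real ACME client: it parses the `Link: rel="alternate"` header an ACME v2 server may return with a certificate download (RFC 8555 section 7.4.2) and picks the chain whose top issuer matches an operator-maintained root preference list. The header value, URLs and issuer names are constructed sample data.

```python
import re
from typing import Dict, List

# RFC 8288 link-value shape used by ACME: <URL>;rel="alternate"
LINK_RE = re.compile(r'<([^>]+)>\s*((?:;\s*[^;,]+)*)')


def parse_link_header(value: str) -> Dict[str, List[str]]:
    """Map each link relation type (lower-cased) to the URLs carrying it."""
    rels: Dict[str, List[str]] = {}
    for url, params in LINK_RE.findall(value):
        for param in params.split(";"):
            param = param.strip()
            if param.lower().startswith("rel="):
                rel = param[4:].strip().strip('"').lower()
                rels.setdefault(rel, []).append(url)
    return rels


def select_chain(default_url: str, link_header: str,
                 issuers_by_url: Dict[str, List[str]],
                 preferred_roots: List[str]) -> str:
    """Choose which downloaded chain to install.

    issuers_by_url maps a chain URL to the issuer names it contains, from the
    leaf's issuer up to the issuer of the last certificate served (the root the
    client's trust store must contain). Candidates are tried in root-preference
    order; if nothing matches, fall back to the default chain so the client
    still installs something and the operator can review the mismatch.
    """
    candidates = [default_url] + parse_link_header(link_header).get("alternate", [])
    for root in preferred_roots:
        for url in candidates:
            chain = issuers_by_url.get(url, [])
            if chain and chain[-1] == root:
                return url
    return default_url


# Constructed sample data: a default chain ending in a cross-signing root and
# one alternate chain ending in a newer root, as a server might advertise.
DEFAULT_URL = "https://acme.example/acme/cert/1234"
ALT_URL = "https://acme.example/acme/cert/1234/1"
SAMPLE_LINK_HEADER = (f'<{ALT_URL}>;rel="alternate", '
                      '<https://acme.example/directory>;rel="index"')
SAMPLE_ISSUERS = {
    DEFAULT_URL: ["Sample Intermediate A", "Sample Cross-Signing Root"],
    ALT_URL: ["Sample Intermediate A", "Sample Root Z"],
}

if __name__ == "__main__":
    print(select_chain(DEFAULT_URL, SAMPLE_LINK_HEADER, SAMPLE_ISSUERS,
                       ["Sample Root Z", "Sample Cross-Signing Root"]))
```

Which issuer names a chain actually contains must come from parsing the downloaded PEM; here they are supplied directly to keep the example offline.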