You can have multiple accounts on the allow-list. If you just have a handful of accounts, I'm assuming that's easiest and perhaps marginally more secure (just because account keys aren't being transferred/re-used).
The ACME spec states that "Compromise of the private key of an account key pair has more serious consequences than compromise of a private key corresponding to a certificate." While I (and others) think that may be overstating things somewhat, it is probably reasonable to think of securing your account keys as being similar to securing your certificate keys. So, if you're fine with copying your certificates keys to all your servers from a central location (as I know some people do), then I think doing the same thing with account keys is perfectly reasonable. If you use the "a certificate key never leaves the system it was created on" sort of approach, then doing the same thing with your account keys also seems perfectly reasonable to me.