I.e. do I need to come up with a key unique only within my own contract(s) or a globally unique to make sure to avoid any current/future storage conflicts?
You would need to use a storage path that is globally unique to avoid conflicts with other resources as there’s nothing stops other contracts to use the same path as yours.
There was a feedback thread on github a while back: Standardizing Resouce paths · Issue #58 · onflow/cadence · GitHub
Thanks! Very good to have the github thread as well. Seems to be a possible attack vector on dapps for sure so I hope they can act on that.