First, let me review what a "public/private key pair" is,
and what it is for. Then, I'll touch on "passphrases."
A public/private key pair is used in asymmetric cryptography.
Each key works in only one "direction": if you use one of the two keys to encrypt a message, only the other can be used to decrypt it. The public key is derived from the private key, and this process cannot be reversed. (Well, not by anyone you or I
will ever know... unless your night-job is being a "spook.")
If someone steals your private key, then yes, they can impersonate you and do everything else that "you" can do.
If your private key is secure, however, then you can use it to issue messages that only a holder of the public key can decrypt. (This effectively proves to them that you
must have sent it.) Likewise, anyone holding the public key can send you a message that only you can decrypt.
The question, of course, is "how do you protect your keys?" One way is to use a passphrase. This applies symmetric
encryption to the content of the key: only someone who knows the passphrase can recover the content of the key and therefore use it.
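As an added illustration (not part of the original post), here is a toy version of both ideas in Python: a key pair where the public part is derived from the private part and signatures made with one key are checked with the other, plus a passphrase that symmetrically wraps the private key so a wrong passphrase cannot unlock it. The RSA here uses tiny textbook primes purely to show the mechanism, and the cipher is an assumed HMAC counter-mode keystream because the standard library has no AES; real tools use a proper cipher and far larger keys.

```python
import hashlib, hmac, json, os

def keygen(p=61, q=53, e=17):
    """Derive the public key (n, e) and private exponent d from primes p, q."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return {"n": n, "e": e}, {"n": n, "d": d}

def sign(priv, m):
    """Private-key operation: only the holder of d can produce this value."""
    return pow(m, priv["d"], priv["n"])

def verify(pub, m, sig):
    """Public-key operation: anyone holding (n, e) can check the signature."""
    return pow(sig, pub["e"], pub["n"]) == m

def _keystream(key, length):
    """HMAC-SHA256 in counter mode stands in for a stream cipher (assumption)."""
    blocks = [hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def _derive(passphrase, salt):
    """Stretch the passphrase into an encryption key and a MAC key."""
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, 64)
    return k[:32], k[32:]

def protect(priv, passphrase):
    """Encrypt the private key under the passphrase: salt || ciphertext || tag."""
    salt = os.urandom(16)
    enc_key, mac_key = _derive(passphrase, salt)
    plain = json.dumps(priv).encode()
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(enc_key, len(plain))))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unprotect(blob, passphrase):
    """Recover the private key; a wrong passphrase fails the MAC check."""
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _derive(passphrase, salt)
    expect = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong passphrase or tampered key file")
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))
    return json.loads(plain)

def can_unlock(blob, passphrase):
    try:
        return unprotect(blob, passphrase) is not None
    except ValueError:
        return False
```

A stolen key file is only the encrypted blob; without the passphrase it yields nothing usable, which is exactly the "know something plus possess something" property the post describes.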
A passphrase is functionally "like a password, only stronger." You have to know the passphrase and
you have to be in physical possession of a key. It's like an ATM which requires you both to "know the PIN" and
to be in physical possession of a card. (You can replicate
an ATM-card by duplicating the magnetic stripe, but it is impractical to forge
one... and the PIN is not recognizably encoded on the stripe.)
"Stealing a laptop at the airport" is always
a problem that must be dealt with. The first line of defense is to use a passphrase on all keys: this makes it unlikely that a thief will actually be able to use any of the keys. The second line of defense is to issue individual
keys. In this way, compromised keys can be revoked ... shutting down the access that they confer, while affecting no one else.