There needs to be some way that you can have a Nostr key that never touches the internet or touches something that touches the internet. Somewhat like cold storage. If my Twitter account gets compromised, there's a process (awful, but it's there) to get my account back. There's nothing like that with Nostr; once that private key gets compromised, it's over. Alby is good, but it's a band-aid.
I don't know how you fix that without a protocol change. I suppose you could come up with some novel approach in a NIP, but you'd need every client to adopt it or I suspect your posts won't appear in older clients.