Reframing the "private key" as a "secret password" is probably along the right lines. Say cryptography to most people and they'll run a mile.
I don’t like password, though. The convention is that passwords can be changed, which means people are less careful with them.
Yup, passwords often have expectation that they can be reset. Explaining cryptography isn't needed though to explain that 12 - 24 words should be kept secret and secure.
If we do try to educate users then at least we should do this gradually. Forcing someone to learn keys/relays/etc when all they wanted was to post a "like" or write "hello world" makes no sense. There should be a super-easy way to start and get the value user expected, but then a gradual process of explaining why things are the way they are in the context of tasks that users are trying to accomplish. That's probably 100x harder than just snapping a couple explainer screens here and there.
I often think of a key which you need to unlock/lock things, like the doors of your home. But for Nostr it's the signing stuff that needs to be explained / educated in a friendly way. When most people understand why signing data is important, they will understand the encrypt/decrypt easier as well I think.
Sure, but if someone steals the key to your house, you just need new locks. If it were #Nostr, you would need a whole new house.