 I've been saying since I got on here that the nsec model as it is will get people rekt at some point. We need a way to sign things without giving all these rando apps our one private key.

I also don't buy the proposal for a different key for each app. That key could still be critical even for one app, and we should therefore have a way of giving no service the key, in my opinion. A bunker is a good idea, but I'd even like to see a hardware signing device like we use for Bitcoin.