I like the idea of having a central, controlling nsec as a way to group particular npubs together simply because that is what I am used to having in a legacy system context.

I can certainly function without it but it seems useful if I had say 3 different npubs that performed different functions. Maybe notes were written from those npubs by a person other than myself but she couldn't post the note because she doesn't control the nsec. Only I do which would give me the chance to "approve" or "disapprove" of any note because only I can execute the send. Expand this to an organization like a university and that's a shit ton of npubs (at least one from over 100 departments).

The horror of this is that if I had multiple well known npubs and the nsec was compromised . . . well, you can fill in the blank.

It is very likely that we don't really need this at all but my gut feeling tells me that I want this simply because having  nsec/npub key pairs for multiple 'accounts' seems like a lot of management.