I think the more important question is: how do you trust the nostr client you’re using?

All those clients that you put your nsec in so you can post, can steal your profile and there’s nothing you can do about it. There is no password to change. Once they have your nsec key, they own your profile forever and can do anything with it. 

 This is a good point. Then if public and private keys are exposed to the clients, and they have full control over the nsec keys, how nostr users own their identity!? #nostr