It's a good approach. Actually, your private key acts as the master key of a password manager: when you 'log in' with NIP-07, for example, the app actually only gets your public data, the data published to multiple relays.
The debate is not whether or not to use your nostr identity to log in (I think this is fine), but how to properly guard your private key. It is sometimes as valuable as a BTC private key.
Sovereignty is uncomfortable; I see it as a trilemma between sovereignty, simplicity and security.