These are all really good points and may have changed my mind on the subject. That said, remote signing will only be used by a tiny minority of people.
Not really. Amber uses NIP-46 to sign and decrypt payloads from your phone. Desktops never see the nsec, only people's phones do. Everytime an approval is required, Amber brings up a popup on the phone. That can come from your team members or from yourself on a separate device.