Technically that's completely optional addon here. Signing works perfectly fine without this cloud sync capability.

But the 'flow-for-normies' I was imagining was that on signup they get a nip05 name + enter a password, keys are stored on one device and synched to the cloud. Then they go to another device and 'login' by entering the nip05 and password - keys are synched to this new device and now it can sign too. This would make the experience very familiar, advanced users could turn this off and do manual key backups etc. 

Sync is end-to-end encrypted, server can't read your plaintext key unless it cracks your password. It works similar to Bitwarden if you heard of it.