I don't understand why NIP-05 isn't signed:
https://github.com/nostr-protocol/nips/blob/master/05.md

"""
Identification, not verification
The NIP-05 is not intended to verify a user, but only to identify them, for the purpose of facilitating the exchange of a contact or their search.
"""

but we could easily add a signature field, otherwise the profile process is less secure than the signed-event model. Unless I missed something?