Yeah exactly I always wondered what would happen if yours accidentally got leaked. Not much they can do now the whole system is out but yeah it sucks 

 Yea it's a very fair point. Simple key pairs is just the starting point. We'll need to figure out how to rekey people potentially with something like social recovery and/or pre-commitments. I believe we'll solve these problems over time though. Getting adoption for an interoperable protocol is much more challenging  though imo and that's where Nostr is beginning to shine 

 My approach for theft would be to have key aliasing and reasonably secure hardware wallets.

You'd have a 12 word seed you only ever enter into the hardware wallet so it can generate the signature you need to set up an alias pointing to another key. Once the alias is set, the seed is deleted from the hardware and you interface with nostr through the other key. If the everyday use key gets stolen, you change the alias. 

 Once your nsec is stolen, you can never recover it for your exclusive use, that's correct. Once it's lost, you can never recover it for any use, that's also correct. But same is true for bitcoin keys, and yet we're hoping to build the world around it, and people build tools to mitigate these risks. Nostr key != Bitcoin key, but there are much more similarities than differences. Here is more on this: nostr:nevent1qqs0qkyxmykx2a5f98e88c2ayyz44z53h8ntvqp0fusge4r62m9m7mcql9f4x 

 the comparison to bitcoin keys is flawed. Even if you lose your bitcoin keys, you usually have a backup and can transfer it to another amount.

The same is not true for your nostr identity. Once it’s compromised you can never transfer it elsewhere. 

 also, there is nothing in nostr yet that attempts to solve reputation.