True, but having talked to some non Bitcoiners it could be helpful to either have Oauth or more of an  explanation of what nsecs entale inside clients 

 True on many levels; keys also make it easy for developers, but without key rotation or universal recovery (similar to what legacy web have with email), it also becomes a liability. Many users aren't ready for that, especially when features like passkeys, one click login. I also happens to believe in case of nostr, we can offer passkeys like feature in trustless manner. I think that should be our goal.