I think that's the point. For those who want nsec custody, having a password with a trusted third party is the alternative. Bonus points if the nsec is encrypted with the password so the platform cannot use it, if that's even possible.