I think the fundamental issue I have is that an app needs to be trusted. I'm not just focusing on typing the nsec into untrusted apps. Even trusted apps can be dangerous, even if by accident. My only issue here is with saying that X company/service should use Nostr instead. Sorry if I haven't conveyed that well. The Nostr general model IS better, just not from a security perspective yet. Nostr should be treated as alpha testing right now until we have at least Bitcoin like security options. We don't (at least from my research), so I disagree that legacy solutions should instead build on Nostr. That's all I'm saying here. People are treating it like it's ready for every service to build on and it isn't. Many more people will get rekt than on the current legacy model, in my opinion.