Ah okay. So you’re saying hardware wallet would use the nonce unless it thought the nonce was leaking, in which case it wouldn’t sign. The change is just that software _could_ specify the nonce to use as an additional security measure
https://damus.io/note17sng39wcp29fafljnp5g3rz9avw3dmtme4qr3lumqry4mqnxv2vqvkv4n6