I like this idea of “verified local key encryption”. Though this may be difficult to verify, having NIP49 implementation baked into a library will like NDK (so client code doesn’t NEED to handle the nsec at all) will be a good start. 
https://github.com/nostr-dev-kit/ndk/issues/216