Ok – I've watched the demo and I played with nsec.app. So nsec.app isn't talking to any backend unless you explicitly tell it to do the cloud sync?

I created an account there and then was able (after a few false starts) to get signed into nostrudel using that key. 

When I tried to use the same nip-05 on my phone, it seemed like it was connecting but never finished the connection and I couldn't log in. So I'm not sure, do I need to logged into nsec.app on my phone too? And in the same browser on my phone?

I also didn't set a password when I created the nsec (wasn't asked) but then when I go to sign into nsec.app on my phone, i am asked for a password so I'm not sure what to do there.

I think the idea sounds like a cool one. E.g. not having a custodial nsecbunker could be a good thing, but the UX here is extremely confusing at the moment.