Well with formstr you could encrypt forms w/ user's nsec store locally? It pushes the problem to nsec storage, at least it's one problem to solve, not scattered across apps.