These 12 words might be as sensitive (if not more) than the words that allow me to send #bitcoin. They're the seed phrase for my digital identity, which is tied to rw identity. The downstream interactions are far more complex than something used to write txs on a timechain. 

If someone gets my bitcoin seed phrase, all that money in that wallet is gone; they can impoverish me. Someone gets my nsec, they can *be* me, which could be worse.

What can guard against this? Something like this: https://github.com/nostr-protocol/nips/issues/282