1. Terrible because being a single point of failure? If so I agree. But also then, mitigation could be either to be cautious about what that key is securing, or managing a set of keys for specific purposes (although fair enough, we'd be back to square 1 in regards of device engagement 😅 )
With 2. I can't agree more as well. As for that matter nostr is also friendly towards running self hosting setups; that being said, self hosting could also be prone to single point of failure risks, ie, `centralizing' servers at home prone to $5 wrench's 🤔