So what you mean is that now any app that let's users log in with "email" can integrate nostr on top of those log ins without necessarily custodying their users nsecs? 

Really trying to see why and how this works in two ways.