Practice safe nsecs, don't raw dog it into any apps. Use a signing extension. Nos2x, amber etc.

If you did this with coracle, my take is probably nothing will happen, but you can't use that nsec to store any kind of nutsack/ecash anymore. 

I do applaud nostr:nprofile1qqsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgspz3mhxue69uhhyetvv9ujuerpd46hxtnfduq35amnwvaz7tmjv4kxz7fwwajhxar9wfhxyarr9e3k7mgprdmhxue69uhksmmyd33x7epwvdhhyctrd3jjuar0dak8x6lmt90 for doing the right thing and disclosing, this is a major mistake and a devs worst nightmare. But it's also a user mistake to just paste your nsec into websites. This won't be the last time a security flaw will be discovered.