Thanks for trying it!

Nsec.app does talk to a backend - to subscribe and get woken-up when there are pending nip46 calls on a relay. But nsec doesn't leave the device unless "Cloud sync" is enabled. I think I will make the "enter password - get your keys synched" the default flow, advanced users could disable it.

The OAuth flow isn't working well from a new device/browser, that hasn't been handled yet. For now you'd have to log in (through cloud sync) or import key into that other browser manually before connecting to new apps there.

It is confusing, because the app looks like a normal web app that's supposed to work across devices and show the same data, but underneath it's not (yet) like that, because it's non-custodial. But that's all fixable and on the roadmap.