As users who keep our entire digital lives on a single nsec, this is sobering.
Hopefully most of us have been signing web clients using a browser extension, but for any standalone apps where the only option we have is to paste our key, the best we can do is pray there is no malicious or buggy code that will compromise us.
It’s past time we had a way to fix this, or anyone who thinks this experiment in open source decentralized communication will succeed is fooling themselves.