First of all, @Gigi wrote a really good article in response to this new implementation of deriving a single taproot address from your nostr private key (nsec).
It has been somewhat controversial here, with many people saying it's better to have the feature than not to have it.
This is like handing a loaded gun to users who don't know anything about guns.
I would just say this: if you choose to use the address linked to your nostr identity, you would do yourself a favor by being extremely careful about what you post when it comes to details about your physical location.
Having a rich list of nostr addresses that you can feed to AI that can then scan their accounts, look at pictures that they took with their phone, and possibly determine their approximate location.
Well, need I say more?
Finally, you don't have to be a privacy guru to realize why this could be dangerous. But unless you are, you don't really understand how much information this could possibly reveal, not only about you, but about your friends and acquaintances.
Ah well...

Careful, Icarus - Why "on-chain zaps" are a terrible idea | dergigi.com
Tying identity to onchain activity is problematic in more ways than one.
