You're changing topics to sidestep the issue. Since you're being paid to know best how to develop Amethyst, but your rational is that no one is being paid to increase Amethyst security, is the lack of security really a lack of funding, or a lack of prioritization?

It's lack of knowledge. We just don't have anyone in Nostr that is a true security dev. But again, our solution is to use signers... ALWAYS. That minimizes your exposure. I don't know if clients will ever get to the security model that a signer can get.