If this becomes the preferred way for people to use nostr, then the nostr client becomes a defacto custodial wallet, even though they may not be focusing on that. It's a change from a "push" based payment to a "pull" based one. The responsibility for security of customer funds now rests on the nostr client. How much: All of it? None of it? Some of it? Do they even want that? If an exploit is found, or bug introduced - hackers will very quickly exploit it to its maximum (one of the best things about lightning! but also one of the most challenging). Even with limits set, that can be a lot of money, and a lot of damage to everybody involved.

so: theft. with exclamation marks for charisma. !

I agree, somehow I can't justify to add my wallet details to a nostr app. I rather open my wallet to pay. I don't want to have an App X at the end, that does everything, which can turn into bad quite quickly.