I do pretty much the same using Nostore on iOS and only using my nsec directly in Damus. I’ve got a complete separate nsec that I use just for testing other clients etc so if it ends up somhow compromised I haven’t lost my main account.