I’m struggling to see what would be the benefit of using an nsecBunker at all if the client is going to end up with the secret though, the only reason I would see is to share the nsec with a new client by leveraging this new auth_url response, but don’t know if such a niche user flow warrants this. Makes sense?

You are not sharing the nsec. You will be sharing just the sum (nsec+npub) of each conversation. In NIP-44 its impossible to calculate the original nsec just with the conversation key. Clients can then encrypt and decrypt messages but they can never sign for them. That's the role of the bunker.