What's stopping someone from guessing my private key to log in?
Replies (5)
Technically nothing. Practically everything.
Try guessing mine.
Math.
Do you really think brute forcing a specific nsec is something you could do any more easily than a bitcoin private key? And please spare me the quantum argument, because that would impact all encryption and nostr keys would be the least of anyone’s concern.
That is true, which is why it’s the user’s prerogative to keep that code safe.
There are also some sophisticated options emerging to make key storage and app login easier and more secure.
But when you think about it, how do other social networks avoid centralized account management and recovery, which allows your credentials to be revoked by another party?
If you do lose or get your key compromised here, you can just spin up a new one and let your followers know you’ve moved to a new key and not to interact with your old one.
Nostr is also much more than a social network. It’s a landscape of applications built on an open protocol. There’s a lot of value in that.