I know there is an app to store it in, but that’s just trading one attack vector for another. I wonder if there is a way to make your nsec only visible client side, so there is no way to extract it from the client itself. Sort of how you can use a cloud storage app that has client side encryption so that the server maintainers don’t have access to your info. Right now, my biggest worry, especially with most of the clients being open source, is that someone will figure out a way to gain access to a user’s nsec.