Always use an alias email if possible such as simplelogin or addy, sad to hear this is happening right now to nostr ecosystem but I solely think that the issue is more about how web ecosystem work with these stuff no XSS protection using JS and so on