Nos2x (like Alby or any other Nip07 extension) injects an object (script) into the web page that allows the browser to ask the extension to sign events rather than having to sign them within the page itself.

This is more secure because if the website got hacked and your private key was visible to the page (through a variable of some kind, which it would have to be if the web page itself was signing the events), then the hacker would have access to your private key and could use it for nefarious purposes. With the extension holding your key, and with the website unable to access any data stored by the extension, it's much more protected.

Even if the hacker used the extension to sign some events while you were on the page, the hacker still does not have access to your key and you could stop using that website without compromising the security of your key.

Of course, you have to trust the creator of the extension not to use your private key.