Great list! As for the first one, is it even possible to use Nostr and protect your key as securely as you would your Bitcoin keys? I'm certainly not putting any Bitcoin keys that I care about into a browser extension, for example. Until there is a widely implemented standard for doing so, my working assumption is that my nsec has already been compromised, and my Nostr experience as a whole is merely experimental.