It's like that meme from back in the day. Once upon a time, there was a troll on a forum that said, "You know, if you type in your password here, the forum will detect it and turn it into asterisks. Here's mine: ********"

And a bunch of people went along with the joke, posting their "passwords" but just typing in a bunch of asterisks and saying, "Wow it worked!"

Then some poor guy came in and actually typed in his password, and it came out as "hunter2". The forum didn't know it was his password, so it just let him post his real password because he'd been scammed.

But as it turns out, Nostr fixes this. At least in Damus. Because if you try to send your password, aka your nsec, in a note, Damus can apparently recognize it and and replace it with your username, aka your npub, to prevent you from accidentally sharing your private key with the whole world.

Because everyone's "password" is in the same format on Nostr, the nsec string, it's easy to make sure you don't accidentally share it, unlike passwords, which can be anything at all.