When you paste your nsec into an iOS app you're putting your trust in the operator of that app, no matter what code has been open-sourced. Most operators here I'm sure are worthy of that trust. But it is important to realise that this is a human trust situation.