Trying to understand #nsecbunker and nip-46.

So I think that,in order to control the bunker, you have to have admin credentials for the bunker.

And if these admin credentials get stolen, the thief then controls your private keys, i.e. the ones you deposited inside the bunker.

Is that right, or am I missing something?

I'm just trying to figure out what you have to keep secret when using nsecbunker.