In Mastodon your identity is tied to centralized instance or domain name, you can be deplatformed. Not so with #nostr. Biggest risk here is leakage of nsec private key.
Discussion
It doesn’t feel safe providing nsec key to nostr clients. How can I know that my key isn’t logged by the client?