Use a browser extension like Alby, nost2x or Nostore (Apple/IOS). These let you sign using your nsec without actually giving it to a client.

But if your sec is Leaked, the only option AFAIK right now is to abandon it and start over. You can always repost your important old posts.

I think the protocol guys are working on some kind of key rotation NIP, so maybe one day you'll be able to roll your nsec.