yeah, any app that releases with inputing nsec as the only login option is half baked at best and malicious at worst.