you don't even need to save nsec in database, it's supposed to stay on the client side.

unfortunately I know for a fact one client transmitted nsec to server and was saving it unencrypted for all their users in central db.