Just clarifying since you said “via QR” at the end of your last reply. The text of the bounty says “When this approach is used, prevent export of the key in the app itself to provide better security around someone getting your nsec from your phone being open.”

So prevent export [entirely] just for keys that are imported in this way. Otherwise you go from cold to semi hot keys to fully hot. It’s an imperfect solution while we wait on nip 26 I believe.