Every component has its own self-generated nsec. No relation to the users nsec. It’s the job of whatever client to protect the nsecs. I don’t want to store any user data, especially the user’s nsec. If the component nsec is compromised, burn the data asap to another self-generated nsec.