I still think nsecs should be disposable. Instead of guarding it like your life depends on it, would be best to have an ability to recover via some sort of porting (when a key is created, have it delegate another recovery key or something). This way you don't need to be so careful and if one leaks, have the ability to recover from the other (at the same time delegating a new key).

What's wrong with this thinking? Am I overlooking something? Or is this just technically not possible?