I hate the idea of relinquishing my nostr private key to a web application. It just extends the problem of handing over the keys to the kingdom to randoms that you absolutely shouldn't trust.
Discussion
Iris is a web application you can self host to avoid this problem, kind of.
The truth is unless you distrust your browser or the encryption behind https there is no difference between local and web. If you do distrust them self hosting doesn't solve it.
Not gonna lie- Browsers do not deserve our trust, and that’s one reason I loudly chant “Fuck Electron!”
I use getalby.com's Firefox extension. It's open-source (https://github.com/getAlby). You can set your nsec within the extension. Any sites that you want to use, you can approve them to be able to see your npub. Any notes you want to send can be signed by the extension without revealing your nsec.