All solutions are temporary until we can keep our private keys truly secure instead of having to input them into clients.
Discussion
More people should checkout NIP-49, encrypted private key import/export. So far the only client I know that implements this is the Gossip client by #[13] Worth checking it out.
It's fairly trivial to fix anigma: escape innerhtml and implement window.nostr, so that it doesn't need to store any private keys. I'm not sure why no one has done it, maybe I'll do it this weekend.
rogue code can still decrypt your dms if the plugin is set to auto-decrypt