I'm at the point where I think we should start shaming web apps that allow you to paste a private key

Devs, do you REALLY want the responsibility of getting someone keys and having those keys compromised?

REALLY?!