Right. You’re correct that your private key should always be protected. By entering it directly into a client you’re not actually sending it to or sharing it with them, your browser is using it to sign events for you. It’s much safer to sign out of those clients and only use the Alby extension to access them in the future. This way you aren’t taking the risk of having it copied into your clipboard where you can accidentally paste it publicly.