Just need to audit the client source code. Strongly encrypted payloads can be stored out in the open, so assuming the implementation is salient, it could be secure. The concept is fine, although I wonder how reliable #nostr is for data replication.