It cannot fundamentally fix this, since the nsecbunker carries out the crypto operations with the nsec, it has to be used there in plain text, i.e. it has to be in memory at least for a short time.
Key rotation + Derived keys fixes this? nostr:npub1gzuushllat7pet0ccv9yuhygvc8ldeyhrgxuwg744dn5khnpk3gs3ea5ds #SovEng
Discussion
I know. But I'm imagining that that nsec is a derived nsec from your main one in cold storage (something gzuuus starting working on).
So a normie makes an account at a bunker provider.
The bunker can see that nsec.
But when the normie is ready he can rotate to a new nsec he derived from a mother nsec in cold storage.
Or he can rotate to another nsec from another bunker provider in case of rug pull.
yes, it mitigates the consequences if a key is lost.