Well, when you're sending a zap you want it to be seen, so your client must choose wisely where to publish that. I think you'll likely want to publish to places the readers of the note you're zapping are likely to read zaps from.
Discussion
yes, but the LNURL-ZAP provider needs to publish it, and I was wondering about relay authentication for that.
IF relays authenticate users before allowing websocket connections then the zap provider needs to also be authenticated there. (which is the question how zap providers will do that - How will a zap-provider publish a zap to a client defined relay that requires authentication?
(nothing that is currently the case as all paid relays only authenticate signatures afaik. but my assumption was that websocket connections are the expensive ones so relays might want to only allow authenticated connections in the future)