The main problem is that a lot of Lightning, ecash, etc. wallets allow you to associate an nsec to unlock the wallet. Not many people pasting their nsecs into random vibecoded apps are security-conscious enough to use a separate Nostr key, so if one of those vibecoded apps leaks nsecs, you can pretty much scan the respective lud16 for half a dozen popular wallet domains and, more likely than not, hit the BTC jackpot.
Discussion
Oh yea, if you're raw dogging your nsec around like that, good luck.
The more I've looked at NWC the more I think I'm just going to keep paying the invoices manually with my existing lightning wallet. It was annoying when I was using speed wallet but now that I can see who zaps me using Zeus I'm pretty content with the flow as is. A little friction with the flow of money is often a good thing.
You can send zaps out with ZEUS with NWC in our next release. No need to reveal your nsec to us.
Receiving remains the same.
What are the trust tradeoffs when choosing a nostr relay for NWC? What information about my node am I giving up to relay operators or assoiating with my npub?
Only what you broadcast publicly. You use a new key pair for each NWC connection..
I did hear that and will be taking a look, but not actually sure it's something I'll be using regularly. I sort of like a bit of friction in sending money -- call me old fashioned.
But I do appreciate y'all giving us options :-).