Bunker as I understand it doesn't prevent a user from losing their private key. In fact, you have to give it up to the application you're using. Limiting exposure to Amber (what I use) IS better than giving every app my nsec, but I still gave it to Amber and still have to secure it myself ultimately. A Bitcoin cold storage type system is my ideal solution. Store the key totally offline and only ever give it to a signer that is offline. And also have sub keys maybe that can be expired.