It would definitely be client dependent. At least if the clients are fully open source, it’s much less likely that a dev is sneaking something in to steal your keys.

But it’s always best practice to not enter your nsec into various/random clients, but use an extension like Alby if you want to log into different clients with the same profile