Yeah I figured that would be the case. Owning your own keys is fine and all but if widespread adoption is attained then there will always be breaches. With software doing the signing too you can't really keep it air gapped.
I wonder if a pimary/secondary key system could work, like you create a primary key on hardware then sign to associate a secondary key with a single identity. That way if the secondary key were compromised you sign a new one and unlink the old one.
Breaches will happen, but I'm optimistic that people will just learn how to manage keys the same way as they learned to manage passwords.
Fortunately some keys are not as sensitive as others. Your or my nostr key is meh, Taylor Swift's key is less meh and bitcoin keys are 👀.
People will work it out and each new "type" of person will make the tools they need for themselves until it just becomes second nature.
My point being btw that not everyone can do passwords, but they get by anyway and some have security teams for their company or use services to protect their security for them.
This is still 100000x better than 1 central authority.
With passwords however, a breach is temporary. Recover the account, change the password and all is fine. Not so simple with a key.
I dunno, I'd bet a scammer would love to be able to post as a celebrity to get massive reach from a trusted person. "Tickets on sale now (link)" for example.
