Listening to Shinobi complain about Nostr reminded me that I had the same complaint early on; I just had a lower-IQ take on it. Key management is absolutely a problem with Nostr. I thought delegated signing would fix it, but really something is needed at the protocol level.
Discussion
Nah, off-protocol key management is the solution
There needs to be some way that you can have a Nostr key that never touches the internet or touches something that touches the internet. Somewhat like cold storage. If my Twitter account gets compromised, there's a process (awful, but it's there) to get my account back. There's nothing like that with Nostr; once that private key gets compromised, it's over. Alby is good, but it's a band-aid.
I don't know how you fix that without a protocol change. I suppose you could come up with some novel approach in a NIP, but you'd need every client to adopt it or I suspect your posts won't appear in older clients.
I see what you mean now.
I don't understand why we don't just use some kind of waterfall HD keys like in bitcoin.
Master nsec --> derive multiple nsec
When you see a key with a higher derivation number you consider all previous keys compromised and mark the messages with those keys as compromised.