Although even this is pretty sketchy. I would feel uncomfortable pushing this as a nostr login solution, because if your key leaks then anyone has completely open doors into all the websites you visit, and there's nothing you can do to stop it.
The DM login thing is a bit of a hack that we started doing for purple, but it was never meant to be a permanent thing.
https://github.com/nostr-protocol/nips/pull/1042 is preferred
Discussion
I like simple. Sending ecash by DM was also called a hack, but, heck, I like the simplicity. I also like the approach that all security is vested in protecting the nsec. Safeguards can be added in where required. The other thing I like is that login by DM and ecash by DM, I can implement without waiting for a nip. It's all about experimentation for now.
Same goes for nip04 and nip05. Simple. I'll manage the risks for now.