For starters, super just yesterday confirmed an implementation wasn't even doing basic mitigation for key tweaking (tainting mints to correlate to user metadata).
Even with that mitigated, you're still trusting a server not to use its upper hand to deanonymize you... Better to just use a database you trust directly without the bullshit, can always use ephemeral keys for access.
We do this using nostr notes only in lightning.pub