It is fine indeed, but it would be nice if they could recover their account via email. If I were to build a system for this I would give the option of the ability to recover the account with email, if activated, you should have a disclaimer explaing you the risk of someone taking over the account and know that nsec is more secure. So people can choose convenience over security and enjoy nostr with us :).