Hear me out: with NIP46 remote signing, it's safe for your own account to sign received zap events, i.e. your npub could be the zapper npub.
The implication is: we can make zaps more trustworthy if their signed by the npub that claims to have received it. Right now lnurl provider zappers usually use their own random keys.
This could even work for custodial wallets! A custodial user can provider their custodian a nsecbunker URI that only has permission to sign zap events.