Right now deep storage of your nsec would be too inconvenient. With this NIP, it would become convenient as only delegate nsubs would be out in the world, treated as we treat nsecs now, and would be revocable.
Discussion
I know there is an app to store it in, but that’s just trading one attack vector for another.
I wonder if there is a way to make your nsec only visible client side, so there is no way to extract it from the client itself.
Sort of how you can use a cloud storage app that has client side encryption so that the server maintainers don’t have access to your info.
Right now, my biggest worry, especially with most of the clients being open source, is that someone will figure out a way to gain access to a user’s nsec.
My vision on this, especially for high value brand accounts, would be a never-seen nsec on hardware, or a simple highly specialized and secure application, that's just used to sign nsub delegations and revocations.