That is the primary purpose though. To sign transactions. Not your keys, not your notes. If you feel safe doing that, that's on you. I'm just trying to give what's seen as best practice for your security. People have already lost their keys in XSS events in some clients.