If I know you use Amethyst with an nsec in it, I can browse Amethyst's code to find security vulnerabilities or social ways to attack you. I can mimic Amethyst's UI in a website and fool you into giving me your key.

The smaller the client, the worse it gets. And since NIP-17 requires so many decryptions, it is likely that chat clients will almost always have an option to use nsecs directly inside of them.