To let the user be able to assemble his keys, data and code, he needs to store this logic somewhere right? But then if you store this encrypted with the users nsec, then an nsec leak leads to total leak. So how do you make sure, the users nsec leak does not lead to full compromise?
Discussion
Every component has its own self-generated nsec. No relation to the users nsec. It’s the job of whatever client to protect the nsecs. I don’t want to store any user data, especially the user’s nsec. If the component nsec is compromised, burn the data asap to another self-generated nsec.