Everything has tradeoffs, but if you're comfortable verifying the authenticity of the software and know what safeguards make sense to protect your key(s), myself and many others see this as a very reasonable approach. With reproducible builds coming very soon, the assurances get even better.
Is there a strong case against only using nostr:npub17tyke9lkgxd98ruyeul6wt3pj3s9uxzgp9hxu5tsenjmweue6sqq4y3mgl as your signing devices? So far I can't see any downside. Supply chain attack = unlikely + nobody knows you even have it. Anything I'm overlooking?
Discussion
I love your balanced approach. It might not be for everyone but it is a very valuable tool in my toolbox and I thank you for bringing this idea to life.