If the encrypted keys are stored publicly on nostr relays and are encrypted with a human-generated password, couldn’t some be brute-forced by trying a bunch of common passwords?