If the nsec is only known to the client and all message signing performed by the client, how does a rogue employee get access to the nsec?

https://github.com/PrimalHQ/primal-android-app

Note: I have not reviewed the source code.