Yeah, agreed... Thanks for the tip on NIP-46. I have to do more research. It's tough because PWAs seem to be the easiest entry point into creating an agnostic app. I think in the interim I will simply make it clear that the nostr key, being stored in a browser, is to be considered a throwaway while a solution like NIP-46 or similar is implemented. This message on damus.io/web summarizes at least one of the inherent dangers pretty well:
Damus Web is down because there is someone trying to exploit browser loopholes to steal private keys. I would not recommend using a web client at this time. Damus iOS is not affected.