You still have to enter your nsec to primal to login. This is a nostr anti pattern.

Ideally your nsec should be stored in "nsecbunker" or amber and never leave it. Here's the login page of the flotilla app. See the difference?

My nsec is stored in amber, and should not be entered in any client. Instead, the client should remotely connect to amber to verify my identity and sign my notes.

Another issue is that, in the settings, it allows you to copy your nsec to the clipboard without verification of your identity. Also not good.