I’m always amazed at the application-level security I get for free, because security is baked into the root of the nostr protocol.

For example, I have an nsec that is dedicated to the service and I use that key to encrypt and decrypt user browser session cookies. If I suspect my service private key is compromised, I simply re-generate and rotate, and boom, everyone needs to log back in again.

This post and comments are published on Nostr.
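The rotation behaviour described in the post, sketched as an added example (not the author's code). The post does not say which encryption scheme is used, so HKDF-SHA256 and AES-256-GCM are assumptions made here, the function names are hypothetical, and `serviceSecret` is a constructed 32-byte stand-in for the decoded service nsec.

```javascript
const nodeCrypto = require("node:crypto");

// Derive a cookie-only AES key from the 32-byte service secret.
// The "session-cookie-v1" label is a hypothetical domain separator, so the
// raw secret key is never used directly as a symmetric key.
function cookieKey(serviceSecret) {
  return Buffer.from(
    nodeCrypto.hkdfSync("sha256", serviceSecret, Buffer.alloc(0), "session-cookie-v1", 32)
  );
}

// Seal a session object as base64url(nonce || tag || ciphertext).
function sealSession(serviceSecret, session) {
  const nonce = nodeCrypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", cookieKey(serviceSecret), nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(session), "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]).toString("base64url");
}

// Open a cookie. Any failure (wrong key, tampering, truncation) returns null,
// which the service treats as "not logged in".
function openSession(serviceSecret, cookie) {
  try {
    const raw = Buffer.from(cookie, "base64url");
    if (raw.length < 28) return null; // 12-byte nonce + 16-byte tag minimum
    const decipher = nodeCrypto.createDecipheriv(
      "aes-256-gcm", cookieKey(serviceSecret), raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(body.toString("utf8"));
  } catch {
    return null;
  }
}

// Constructed walk-through: a cookie issued before rotation stops opening after it.
function demo() {
  let serviceSecret = nodeCrypto.randomBytes(32); // stand-in for the service key
  const cookie = sealSession(serviceSecret, { pubkey: "npub1-constructed-example" });
  const before = openSession(serviceSecret, cookie);
  serviceSecret = nodeCrypto.randomBytes(32); // suspected compromise: rotate
  const after = openSession(serviceSecret, cookie);
  return { before, after };
}
```

Because GCM authenticates the ciphertext, a cookie sealed under the old key fails the tag check under the new one, so every existing session is rejected without any server-side session list to purge.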