about their caching setup I only know about their caching server, if it's this I don't think it relates here. nsec security I don't call it a Nostr best practice, I call just security best practices that applies to many things, nostr just offers different specs with different tradeoffs. about the QA I agree, about the honeypot ok I get what you mean and it related to QA as well and yes the attack vector is bigger than amber, but to do all these they would just be building another Amber, and these kind of attack vectors are in every app where you can paste your nsec or generate keys. Your arguments makes sense but I don't think it's like bad practice, or vendor lock-in I think they implemented nsecbunker integrated in the app for convenience and I think the tradeoffs are acceptable, I don't know if they support any bunker or amber though, if they did it would be better.