Back in ancient times, I accidentally saved my hex private key in the nostr.json file on my web server when I was setting up my first NIP-05. Fortunately, I caught it immediately and swapped it out for my hex public key before anyone noticed.

It's quite easy to click "sign up" instead of "login" and end up becoming Mr Nsec. Then you click sign out and try again, before or without realizing that now you don't have access to that new self-doxxing account either (and maybe could have reduced the risk by changing the username and hoping nobo...