Nostr needs self recovery key model like bluesky/AT protocol. Current solution to nsec compromise is to burn down and rebuild your network. This could be solved with self recovery key approach or with Web-of-Trust voting on the new correct npub, I think. But what do I know? I am humble enough to know that I could be wrong.