Zapple pay stores the key to your wallet in the clear. The owner of zapplepay could just drain all connected wallets, or get hacked and have the same effect.
At large scale (zapplepay) it becomes an attractive target.
quoting:
If this becomes the preferred way for people to use nostr, then the nostr client becomes a de facto custodial wallet, even though they may not be focusing on that.
note10wl…n7ml
It's a change from a "push" based payment to a "pull" based one. The responsibility for security of customer funds now rests on the nostr client. How much: All of it? None of it? Some of it? Do they even want that?
If an exploit is found, or a bug introduced - hackers will very quickly exploit it to its maximum (one of the best things about lightning! but also one of the most challenging). Even with limits set, that can be a lot of money, and a lot of damage to everybody involved.