Your nsec is stored in a JWT token that’s kept in an encrypted cookie in the browser and made available to the session for signing. When you sign out the cookie is deleted. I wouldn’t recommend logging in with your nsec directly for most sites but i give users the option for testing and if they’re on mobile.