You should never give your nsec to anyone or any site asking for it. That's just begging a bad actor to come along, have you plug your nsec into their site, then they can do whatever nefarious deeds they want with your nostr identity. When using the getAlby extension, it holds your nsec in the extension itself and only ever signs nostr events using that nsec-- it never directly shares it anywhere. It makes it so you can just click a button to log into many sites that offer Lightning logins with just a click of a button.