Multiple native apps only allow for copying and pasting. At least one doesn’t even hide the nsec in their settings. Regarding Nostr website clients, they’re limited by the browser. For example, Nostr PWA’s on phones and tablets cannot access the extensions designed for desktop versions of Chrome and Safari.

I mentioned above that native apps are a different story, especially on iOS where there really is no other option at this time. PWAs are also a different matter. If you are using PWAs on iOS then pasting your nsec may be your only option. Not sure if nsec.app might work for that use case. Either way, I still wouldn't recommend pasting your nsec into a client if it can at all be avoided, regardless of how much you trust the developer. It's a matter of how cavalier you want to be about your nsec possibly being compromised. I have been around here long enough to know that even the most well-intentioned devs in this space make mistakes that can compromise users' private keys. Hopefully we will see a signer app for iOS developed that will work similar to Amber, and which can be used both for native apps and PWAs. I saw that @Terry Yiu is going to be making this a priority.