Implementing an email-based recovery flow right now, and it's incredibly prone to very bad security-related errors. Nostr makes everything so easy, the threat model is incredibly simple when the user holds their key. Having keys even makes email based recovery more secure, because I can use them to guarantee that the person who initiates the recovery process is the one who completes it, completely eliminating a whole class of MITM attacks.