Comment by jcgl
21 hours ago
> every time you type the password to decrypt your private key you should worry about the possibility of some software running on your machine reading it and sending it somewhere.
Yes, I believe you should. On OSes without sandboxing and protections against exfiltration, this is a substantial concern. And you’d be foolish to e.g. keep a bitcoin private key lying around in your home dir. For this same reason, I think the common practice of leaving non-password-protected SSH keys in ~/.ssh is terrible.