That article is already out of date though so just shared an addendum on HN.
To the best of my understanding, @npub1get…0nfm is quite safe. You’re storing the keys locally in your browser extension, not on their server. While this is still not as safe as using the secure element on your phone, I don’t believe anyone I know has had any issues. @npub1get…0nfm is also open source with lots of eyeballs on it, which is good for security. What’s more, they now offer child key permissions to restrict what can be signed I believe. Perhaps @npub1xv8…lk3x can share more details