Seems like a very small problem. Giving a posting key is not terrible from a security standpoint but is terrible from a UX point of view.
Doesn't matter if it is posting or active, the UX is terrible. The best solution is clearly to increase keychain adoption in dapps, or to stop using those that don't.
I agree with you. Having your posting or active key compromised is not a big deal (except for active key if you have a lot of HIVE tokens or HBD in your account) as long as your owner key and master password remain safe.
My only problem is having to enter the corresponding private key (posting key or active key) because I am using the Tor browser that strongly recommends not to install any extension or disabling private browsing, so I can't use HiveSigner (or equivalent) or save my private keys directly on the browser (unless I go against the recommendations and install/store anyway).
Having your active key compromised is actually terrible news, as soon as your transfer hive to your account, it could get stolen.
And if your owner key gets compromised, they can change all they keys and steal your account, it's the owner key that you need to protect most.
And even your posting key being compromised is an issue, how do you feel if your account was used to spam thousands of posts with malware/porn/whatever everywhere that can't be deleted ? At this point you might as well create another account.
"My only problem is having to put the corresponding private key (posting key or active key) again and again" Well at some point we do need to authenticate you one way or another.
Thank you for correcting my post. I have edited my post to get my point across without the incorrect details.