I just published a new guide on the differences between Bitcoin private keys and seed phrases.
Self-custody is crucial, and confusion between these two is common. The article breaks down their specific roles, how they relate, and why the seed phrase acts as your single point of failure.
Writing this helped me dig deeper into the concepts, and I'm working on adding more educational content to the site to help people secure their wealth, so I'd appreciate any feedback!
There are some nuances with BIP-32 key derivation (especially of the xpub non-hardened derivation kind) that could invalidate something you wrote:
Note that if you shared your xpub with someone and the same person learns a single leaf private key, they can derive all the non-hardened keys in the set, while hardened keys prevent address derivation without knowledge of the private key.
So you should always be aware that by using xpubs, you weaken your security through the key derivation algorithm itself. Doesn't have to be a huge problem as long as you're really careful with your xpub, though.