I'm trying to figure out if my private key can be stolen after I unlock my account.
If you leave the account unlocked do you mean?
Yes, as is required for forging.
I would lean towards no, that they would probably have to have a key logger or something like that on the machine.
And if the Nxt server is running on a remote VPS, I would think they would have to intercept the passphrase another way. I'm not sure what that way would be but I think it would be possible if the system were compromised *before* the passphrase was entered. What about after?
Even if you unlock the account, close the browser and reopen it, it require you to re-enter the pass phrase again. I assume to prevent someone from doing what you are suggesting, just opening the browser and transferring NXT out of your account.
Does that help?
It does if you're right.
![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
Can anyone chime in on this?