"Second, it is a pain in the ass. Even if you use PK for all your ssh access you will have to maintain a password just for NX's sake. Come on, in the year 2010 (or 2011 for that matter) it is totally idiotic to use ssh with passwords for normal daily jobs."
Ok, I've gotta call you out on something... You have a good and informative post, I will agree, but you also called the devs at NX lazy, complained about your perception of their security measures and yet you're here complaining about having to use a password....
I personally like the password because that means that someone can't get unchecked graphical access to my remote machines by simply catching me on a bathroom break with my screen unlocked. In your scenario it would only take a single click. Yes, they would have access to my laptop but I'd rather have at least a password between them and access to the remote systems I admin.
I don't ever remember being encouraged to keep the same public key for NX but I can safely say that my setup uses my own PK.
Also, I don't think that you have the NX login sequence entirely correct because while the first part seems accurate, I can safely say that NX can NOT be spawning a second ssh session using my password because passwords are forbidden in ssh by policy on my system, so it'd have to be using my PK, or doing some other form of login. I could be wrong but that's the impression I got while learning to set it up with RSA keys a while back. And just to let anyone know who might be interested in setting up RSA PK authentication with NX, you have to use NoMachine's node/server/client from their site, the FreeNX/OpenNX only do DSA.
Also, if I have my own PK pair set up for ssh, I'm pretty certain that even if I leave the NX keys as default, there isn't much chance of someone using the NX account to brute-force passwords as you suggest because even if my system allowed passwords for ssh, they'd still need my PK to even get the NX session spawned. Again, I could be wrong on any of these points but I checked this pretty thoroughly and that's what I've seen thus far.
Regardless, I see your complaints boiling down to the out-of-the-box experience of NX versus having to actually work to configure and secure the system properly. I don't really have issues with having to do extra work to do that.