Actually, in wg0.conf the private key is defined in clear text. Which allows dump of physical disk to grab it and to fake this client. Wouldn't it be safer, to cipher the private key somehow ?