You have no idea what any software does with your keys unless you audit it, then compile and install it on your device yourself. Oh, and audit your compiler. And its compiler...
If you have a piece of software, that can read supposedly encrypted messages on several devices, it is obvious that it does something with the keys. You don't have to audit the compiler and argument into ad-absurdum.
The Sesame protocol lets the linked device generate its own keypair, the only thing in common is your user id. Each private key never leaves the respective device.