Ok, I’ve done some digging around the source code and I think I’m starting to get a better understanding of this. Excuse my mind dump, but maybe it will help someone else too!
So, ‘key-pair’ on its own is confusing, as there are 2 main types (as I understand it) - the client key-pair (used to connect the client to the network) and the application key-pairs (used by your apps).
When you login with a passphrase and password, the location and the client key-pair are derived (through various hashing routines).
The client key-pair is used by the client to connect. I haven’t explored far beyond that, but I can see this client key-pair is being passed to the client when it connects to the network. Said client is also used to retrieve a balance, so they client key-pair presumably must be used here.
The location is used for storing/retrieving application key-pairs. These are stored in a permissions map.
When you create a safe, the client derives the client key-pair and location, then connects using the client key-pair, then prepares the permissions map to store your application key-pairs.
When you unlock a safe, the client derives the client key-pair and location, then connects using the client key-pair, then retrieves the permissions map containing your application key-pairs.
So, my chatter above about storing the key-pair to retrieve the location is full of holes. Of course your client key-pair and can be kept offline as it isn’t stored on the network. Only your application key-pairs are stored on the network. Likewise, the location of the application key-pairs isn’t stored on the network (that bit is obvious!).
Both the client key-pair and the location can either be derived via passphrase/passwords or by any other means. They can be created/generated externally, stored on an external device or whatever is ideal. However, you need a safe to exist at the location in order to store application key-pairs.
I want to explore how the coins relate to the above, but things seem much clearer in my mind after reading through the code a bit. I hope the above may help others who are grappling with the terminology/explanations without a complete understanding of the code!