Bell nonlocality is not sufficient for the security of standard device-independent quantum key distribution protocols