I think the memo private key is stored secured with your password, and only the hash of your password should be saved server-side (salted to boot).
Well they have to generate them first, nothing stopping them making a copy before salting and hashing them. You should reply in the topic btw 👍🏼
