This would mean storing passwords in plain-text server side, which is worse. We're following the best practices of other major platforms (Yours.org, Blockchain.info).
Other domains can't access the local storage of memo.cash, right? Can desktop apps? I wouldn't put a lot of money in my memo wallet anyway, but I think it should be a safe practice.
Correct, local storage can't be accessed by other domains. It depends on which browser you're using, but I think all major browsers encrypt cookies, local storage, etc on disk.
Looks like I may be wrong about this. Sounds like Google's stance is that if someone has access to your computer, they also have access to your browser.
It seems that other webpages cannot access it, but any local application could. I think Google is right, any local executable could just as well be a keylogger.
