Don't know why he posted this as a vuln, but the issue is still there that you can just run a crypto data breach, get some hits and steal funds without the option for protections l/2fa
The point of my original message was that your privatekey shouldn't be stored on other peoples servers, especially in the case of honest where you can't chose to use another client.