Yes, it's hard for humans to spot phishing websites which could be trying to steal your keys, that's why an extension is generally considered safer to keep your keys in. If you want to be 100% secure, I recommend installing the extension from the github source, instead of from the extension store. This way, it will not auto-update and you are sure to be running the open source code.
You are viewing a single comment's thread from: