Khal, the point is decentralising the points of failure. Many browsers is a lot better than only having to compromise one website (making it a massive target). PeakLock encrypts it when not in use. If the browser is compromised at the point of setup, neither provides security.
Yes I understand this, the implementation was - in our opinion - better in some senses but obviously lacks in others.
We decided to change it to the same implementation as other UIs.
Ours (LeoAuth) now has the same exact setup as PeakLock
https://inleo.io/@leofinance/leoauth-login-method-update-security-and-localstorage-vs-cookies-2c6?referral=leofinance