Well, yesterday i reported a critical vuln and just found another one... the "__session" for a keychain logged in user and keystore is a none encoded JWT String containing all keys and passphrases... ouch.