Yes I agree, for now if you use WCW enable 2FA and add a very strong password that isn't used for anything else. Alternatively just use the desktop version with a hardware wallet like ledger to save the keys more securely.