Description
I don't know if this is the place to start a discussion about that. But I'm really concerned about the security of electron apps.
As I could see in some PRs, we have a lot of apps in the page of electron that are closed source. And the problem is with the ones that asks for credentials.
For example, I really loved the idea of Biscuit, from @agata , but I'm not convinced at all that I should use this one since no one really reviewed the code.
Let's me exemplify:
And yes, I totally understand that the app needs to do that in order to provide the functionality purposed, BUT, how can I really know or have some kind of trust that the app is not getting any kind of data from me?
My suggestion is to not allow closed source apps that require user to input some kind of secret or that is a browser.