Create account

replied 1981d
Malware can search for it because the data has the same rights as you. Instead of stealing, it'll just post spam from your account. At least that's how I'd exploit it.
anarchovegan
replied 1981d
Simon Van Gelder
replied 1981d
AFAIK only the PW is local, and signing is done via conjunction of the server key and PW. I think changing your PW would shut-off compromised browsers.
Simon Van Gelder
replied 1981d
But if the attacker has the wherewithal to export the private key from within the account, you're out-of-luck for that address.