In summary, it supports a number of block ciphers (many of which are obsolete and insecure), uses the CTR mode of operation, PBKDF2, and no authentication.<p>Edit:<p>Also, I don't think it destroys the password from the memory after deriving the key, or the encryption key after closing the stream, neither does it try to lock the memory (where the sensitive data is located) from being swapped out.