What if the Firefox account's password got compromised and the attacker doesn't have access to any of the user's devices?<p>The previous sync (Sync 1.1 aka Weave) used to protect against this scenario by not allowing any synced data to be decrypted at all (since the sync server does not have your secret key at all).