The smugness of this post reaks. Rather unwarranted considering the number of XSS vulns found, I also question their classification of these, XSS in this system entirely breaks their "encryption as a mass product" philosophy. (provided you give them the benefit of the doubt and assume its for the users and not their protection)<p>Taking they want to tout this system as security focused I'm quite amazed they seem to not have scrubbed a single output. I highly doubt they fixed it properly either.