if the browser is hacked (maybe through a plugin), the session cookie can be obtained or a javascript can be ran on the ui.
if the user is ordinary, then it gives access to the user's data
if the user is an assurer, then it may give out fake assurances
if the browser is hacked (maybe through a plugin), the session cookie can be obtained or a javascript can be ran on the ui. if the user is ordinary, then it gives access to the user's data if the user is an assurer, then it may give out fake assurances