I don't see the purpose of this app, as it literally just runs "app.cinny.in" in an iframe, meaning you have to trust the server, "cinny.in" with your 'encrypted' messages. Isn't this the main issue with running this as a webapp? Whoever runs 'cinny.in' could just run different code than they claim to run and scrape encryption keys or messages pretty easily.
I don't see the purpose of this app, as it literally just runs "app.cinny.in" in an iframe, meaning you have to trust the server, "cinny.in" with your 'encrypted' messages. Isn't this the main issue with running this as a webapp? Whoever runs 'cinny.in' could just run different code than they claim to run and scrape encryption keys or messages pretty easily.