Both? I need just your private key rigth? and the delay in knowing that you were compromised?

and my passcode.

Your key, your passcode. And upcoming versions one time password if you opt in 2FA.

Also, I have just ask for funding, if approved, a share of it is paid for security audit and code audit. To be honest, I think the encryption is fine, the algorithm it’s not written by me, but using packages that everyone are using to encrypt stuffs. Im more concerned about your passwords missing entirely because of the relays.

if you don't roll your own crypto are you even cryptoing, bro?

Does calling ndk functions count? signer.encrypt()

Coming to a Nostr micro-service near you: PabloCoin.