I guess the main issue with local storage is the same with any other browser storage - a successful XSS attack could read the data. So probably encrypting with a passphrase would be the way to go? Or relying on a remote signer