that's a good question and valid concern. so, we can store them also on our own relay. what about maybe a sync feature where all passwords are stored also in a local database that can be re-broadcasted to different relays in the future? so, if your relays disappear, you aren't screwed because you at least have a locally encrypted copy?