by MaKleSoft
3513 days ago
What alarms me much more than the appearance of bad code quality is the fact that we have no direct way of checking what's actually going on under the hood and what impact it has on security. If there is one axiomatic requirement for the trustworthiness of a password manager, it's that it must be open source. That way people don't have to guess at the code quality from their use of file extensions. Lots of people seem to have a huge phobia of storing their passwords in the cloud and I have the feeling that the provenly poor security of LastPass [1] has contributed significantly to this.

<shameless plug>Padlock [2] is a penetration-tested, open source alternative that also has an (open source!) cloud storage solution [3] that you can even deploy to your own server if you don't trust the official one. All of this is based on zero-knowledge (the server has no way of acquiring your master password or reading any of your clear-text data). Disclaimer: I'm the main contributor.</shameless plug>

[1]: http://www.martinvigo.com/even-the-lastpass-will-be-stolen-d...
[2]: https://padlock.io
[3]: https://github.com/maklesoft/padlock-cloud
Serving .php files directly is not a security issue, but as you said, nobody knows what's going on under the hood.