[hasenj]

It's completely possible to setup `pass` such that you can type `pass <name>` and it will print the password to stdout (you might has to pass an extra parameter or so) without ever asking the user to input anything to confirm they approve of this action.

Now if this were to become mainstream, it's almost guaranteed that some percentage of users will set it up to work that way.

And now you have the perfect opportunity to write a script that simply attempts to read passwords using pass and if it succeeds sends the results somewhere on the net.