Hacker News
by FLUX-YOU 3225 days ago
It's more that you put the password on the disk in unencrypted format without telling the user. For instance, Chrome stores them in SQLite databases which you can just open and select from:

http://i.imgur.com/zauv4sK.png

Your disk could be encrypted, but not everyone's will be. It's better to just use localStorage as it was intended.

Plus if you introduce a bug later down the line, you might not prune older localStorage entries, meaning they will stay there for much longer than you want. AND the user may not revisit your site ever again after going offline, which doesn't give you an opportunity to prune it.

2 comments

So encrypt the password with your public key before storing it and decrypt it on the server?

So ask the user if they're cool with it being unencrypted, and you're all good? How would you encrypt it though, since you're offline?

No one's going to have a lot of confidence if you ask them to store your sensitive info in plaintext. Just don't do it. The convenience or UX isn't worth it.