by jszymborski 3159 days ago
I use Standard Notes, but I'll be honest, I'm not chuffed about the whole "hosted" plugins system.

Maybe I'm completely off-base, but while SN only ever see the encrypted blobs, editors often (almost always) require me to send over my plain-text to a server which then sends it back to me. That's not really end-to-end... what's the motivation behind the hosted plugins, and not downloading signed binaries/code that operate through a permissions-based API?

1 comments

An important goal we have is to make sure that the web app and desktop app are 1:1, so that any way you depend on using the app can be accessed any time using a browser. This requires a different, hosted architecture. I don't think this will be its final form, however.

In the future, I could imagine for example a desktop app that runs all of the extensions locally (but would mean no web access). But the hosted architecture is not bad. The only remote connection made is when the script is first downloaded. After that, the note editing all happens locally in-frame, and the end-to-end architecture remains intact. The question really becomes, can you trust the script that's initially loaded? This will be up to the user. The editor feature is a layer of convenience that comes at a minor cost of potential privacy, but is no more untrustworthy than the SN web app you load in your browser (assuming the editor is coming from our servers and not some random link).