This is because the private key to en/decrypt messages never leaves your phone. So the 'browser based' version still routes messages to your phone first (to presumably re-encrypt them with a different key that you got from scanning that QR code).
You can argue semantics if that counts as browser based or not, but I think that's actually a pretty sane way to to things, security wise.
You can argue semantics if that counts as browser based or not, but I think that's actually a pretty sane way to to things, security wise.