It stores the data locally, so first you have to break into the system, then the encrypted container of the app. If someone does that then you are probably a pretty high value target and have different problems.
An open source, non audited app, that’s not even compiled yourself (iOS app) isn’t much different than that.
An open source, non audited app, that’s not even compiled yourself (iOS app) isn’t much different than that.