2) All the files in the local file system are completely the property of the user. The js makes no attempt to do any snooping or uploading. You can verify that by looking at the network activity.
ive already had a look through all the javascript I mean for your own safety make sure your end is secure
BTW i can see that you did a lot of work on this so im not trying to dis you or troll you just be careful when serving out to the web at large and about just how far in you let anons get into the server.
My theory on safety: there's more safety in a world where things just work better. I think that LOTW can crank that idea of "things working better" into overdrive!