2) All the files in the local file system are completely the property of the user. The js makes no attempt to do any snooping or uploading. You can verify that by looking at the network activity.
ive already had a look through all the javascript I mean for your own safety make sure your end is secure
BTW i can see that you did a lot of work on this so im not trying to dis you or troll you just be careful when serving out to the web at large and about just how far in you let anons get into the server.
My theory on safety: there's more safety in a world where things just work better. I think that LOTW can crank that idea of "things working better" into overdrive!
That's meant to be a throwback to the look and feel of the 90's when you saw so many bare bones Apache index.html listings that were something like that.
What you are seeing there is highly controlled, no-nonsense output, ie, what you might expect out of something that is a legitimate kind of "Linux" on the Web.
What I need to worry about on the backend is 500 errors that might leak some kind of info, and I am very vigilant of those... even though I think app engine does a pretty good job of making sure that nothing vital does get leaked out.