My main concern with this or saltify.io is that when viewing network tab traffic in the browser, you can see the secret and the password are being sent back to their server. While we trust that our data are stored in encrypted form and the password+secret is only used in memory of serverside code to decrypt/encrypt, I would much prefer all of those operations being all done in the browser.