Thanks! It's for security reasons. We want to keep all the data locally on the user's computer, so your data will never touch our or a third party's server (other than Google). If we piped the requests through a backend, nobody could verify that we're not reading the content of your data or secrets.