by yoble 664 days ago
(author here) Yeah, or if it's on HTTP someone could MITM and change the script, or if there is a malicious extension on the browser, the content can be stolen after decryption.

That felt implicitly obvious to me, but I think you're right and it wouldn't hurt to put those assumptions in the FAQ. Thanks for the feedback!

(If you, or someone else, see other attack vectors, feel free to comment with those)

2 comments

A supply-chain attack where malicious JS is delivered to the user (even from your own server, as the author of the software; maybe you got hacked yourself, for example) is another way.
Would it help to employ the SSL cert in the encryption/decryption process and use it as an IV or so?
No. The attacker can mock that just as easily.