[tobehonest]

As Mozilla is a US-based organization, is anyone afraid of the NSA/USG commandeering Mozilla to setup pen-register/password-interception a la Lavabit?

Only a couple of months ago comments like mine would have been passed off as tin-foil conspiracy. Now, I think everyone's sense of normal is now tightly wrapped in tin-foil, encased in lead.

[riquito]

Opposite to Lavabit, Mozilla can't decrypt your data, so I can't see this happening, unless they change the open source client code without anyone noticing.

[rhelmer]

The "change the open source client code without anyone noticing" attack vector is important too: https://brendaneich.com/2014/01/trust-but-verify/