the problem i have here is that there's no way for me to confirm that the secrets aren't stored somewhere on their hardware, either forming a prize worth attacking them for, or, worse, a prize for a less-ethical employee
nice idea, but we now live in a world where we can't just trust a service to do the right thing, and even if they do, to never be hacked