it's secure, imo, because we're not using custom backends with AI created authorization methods. we're using nostr for authenticate and nostr for data storage.