Your LNDHub connection string will be saved un-encrypted in localStorage so there is that risk, but its the same as Snort having some XSS and draining your WebLN wallet (if you didnt have quota)

Not that there are any *known* XSS issues on Snort

LNC on the other hand stores the keys encrypted in localStorage, maybe i also encrypt the LNDHub wallet?

It means every time you open the site you have to unlock it which is a pain