Right, but even if we can check all the boxes and trust LP, there's still the practical matter of getting everyone to use it. Generally it's going to be easier to convince users to use something that's built-in rather than 3rd party, right?

And one solution, whether it's backdoored or not, is still one target for bad actors to focus on (viruses, spoofing, etc).