The software runs completely on your desktop - your email & password is only sent between your computer and your email server. There are quite a few security measures in place that prevents HTML vulnerabilities, both built-in into Electron and others. I'd very much welcome an audit of the code from a respected firm!
