I'm going to reiterate my positions on End-to-End Encryption since they seem to have been ignored or overlooked:
- Plaintext is better than security theater.
- Weak encryption is better than plaintext.
The difference between weak encryption and security theater is how the product is marketed to end users.
Security theater is bullshit like, "This tech is private because our datacenters are in Switzerland," or, "We can recover your private keys, silently, whenever we want."
Security theater gives people the illusion of security, while they're actually vulnerable. This is the worst outcome.
Regardless of how flawed your approach is, as long as you're humble about it, it's better than not trying anything to begin with (just shoveling plaintext).
But the moment you let an ounce of arrogance or pride infect your marketing copy? The moment you're not just underdelivering on privacy, but also overselling on it?
That is when you cause harm.