We need to start properly, with comfortable wallets, processed withdrawals and people's fixed issues, there will also be an additional upgrade with a new backup option in the meantime, which should make everyone happy, exchanges come next.
All of that should have been taken care of prior to June 1. Teams need to be prepared even before announcing the ICO and not waiting till the last minute. The truth is that I am disappointed about the delay but more disappointed about the lack of preparedness.
Yeah that's what happens when you have passwords in plaintext on Local Storage. Not to mention how many people lost their waves because of a bug in the initial client when entering your own seed.
I can't verify your claim, can you describe how to reproduce it? In the current version (and probably older versions, too), the password is not stored at all in the Local Storage object and the seed is encrypted, see the registerSeed function here:
https://github.com/wavesplatform/WavesGUI/blob/master/js/waves.ui.lockscreen.js#L189
As you can see, the seed ("passphrase") is encrypted with the password and the result ("cipher") is stored in the accountData for Local Storage. To verify the password, only a hash of the seed is stored, too. When the user enters a password, the passphrase is decrypted and the hash is compared. Pretty clever and standard for such systems.
But you don't have to believe me, verify yourself what is stored in Local Storage: Open waves.ui.functions.js in the Lite Client, then search for the line "var userAccounts = localStorage.getItem('Waves'+Waves.network);" and add "alert(userAccounts);" in the next line. "cipher" is the encrypted seed, no password stored.
BTW: if you forgot your seed, but you still know your password and can log in to your account, first log in to your account, and then in Chrome click on the 3 dots top right ("Customize and Control Google Chrome"), open "More tools->Developer tools" and switch to "console". Then enter Waves.passphrase and hit return, and you'll see your seed. If you are using the Chrome App: Start the App and log in to your account, open another Chrome window, open the special page "chrome://inspect/#apps": the App WavesLiteApp is listed. Click on the "inspect" link, then select the Console and evaluate Waves.passphrase. No security problem, because as I wrote, it is stored encrypted on your PC, but it is required to create the private key, if you want to send WAVES.
To the devs: The seed is not required to view the balance and transactions, so maybe it would be better to implement something like in the bitcoin-qt client, where you have to enter the password before each send, or some lock/unlock wallet button. Currently if you leave the browser open, anyone with access to your computer can send WAVES from the account.
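The storage scheme described in the reply above (encrypt the seed with the password, store the ciphertext and a hash of the seed, verify by decrypting and comparing the hash), as an added example for Node.js that is not part of the original post and is not code from WavesGUI. Assumptions: scrypt and AES-256-GCM stand in for whatever primitives the client actually uses, and `storeSeed`, `unlockSeed` and every record field other than `cipher` are hypothetical names.

```javascript
// Added illustration; not code from the WavesGUI repository.
// Assumptions: scrypt + AES-256-GCM are stand-in primitives; function and field
// names (other than "cipher") are hypothetical.
const nodeCrypto = require('crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Encrypt the seed under a key derived from the password. The record holds the
// ciphertext and a hash of the seed; the password itself is never written.
function storeSeed(seed, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(password, salt, 32);
  const enc = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const cipher = Buffer.concat([enc.update(seed, 'utf8'), enc.final()]);
  return JSON.stringify({
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: enc.getAuthTag().toString('hex'),
    cipher: cipher.toString('hex'),
    checksum: sha256(seed),
  });
}

// Decrypt with the entered password, then compare the hash of the result with
// the stored hash. Returns the seed, or null if the password is wrong.
function unlockSeed(record, password) {
  const r = JSON.parse(record);
  const key = nodeCrypto.scryptSync(password, Buffer.from(r.salt, 'hex'), 32);
  const dec = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(r.iv, 'hex'));
  dec.setAuthTag(Buffer.from(r.tag, 'hex'));
  try {
    const plain = Buffer.concat([dec.update(Buffer.from(r.cipher, 'hex')), dec.final()]);
    const seed = plain.toString('utf8');
    return sha256(seed) === r.checksum ? seed : null;
  } catch (e) {
    return null; // GCM tag mismatch: wrong password or modified record
  }
}

// Constructed sample values, not a real wallet.
const SAMPLE_SEED = 'constructed sample seed words for illustration only';
const SAMPLE_RECORD = storeSeed(SAMPLE_SEED, 'sample-password');
console.log(SAMPLE_RECORD.includes('sample-password')); // false
console.log(unlockSeed(SAMPLE_RECORD, 'sample-password') === SAMPLE_SEED); // true
console.log(unlockSeed(SAMPLE_RECORD, 'wrong-password')); // null
```

Calling `unlockSeed` at send time and discarding the result afterwards, rather than keeping the decrypted seed in a long-lived variable, is one way to get the per-send password prompt suggested to the devs above.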