> The encryption key doesn't have to be stored in the cloud. It just has to be stored somewhere else -- it could be in the file system.
Right, makes sense. I was saying to not store it in the cloud, specifically. Encrypt local data at rest, makes sense. Storing encryption keys for said content somewhere where you need internet access to get, doesn't make much sense.
> Even if it's a standalone application, it doesn't mean the code can be entirely trusted. I wouldn't take that risk.
"Trusted" here refers to "not user provided inputs" that SaaS/website usually does somewhere. Obviously, there is code somewhere that you haven't read and verified, that's true for literally everyone using a computer today, no one has read and verified all the code they've run, we'd get nothing done if that was common practice.
Just for curiosities sake, what OS you use and how much of your software you use daily have you read through the source code of?
