
No one can never touch my coins? Uh oh!

Blockchain.info can't touch my coins. But if their servers are compromised, a hacker could inject a tiny, tiny amount of JS and have my ID/password sent to... anywhere... and then the hacker could access my account. I'm curious to know how you'll get around that vulnerability.



The security on the client side will be on the level that blockchain.info provides, but this will be more than just an online wallet - it will also be an exchange. I'm aware of the JS injection vulnerability. Of course you can't get around it with anything on the main server. It's possible, however, to set up an external server that will be monitoring the files and firing alarms the minute something's wrong (asset checksums don't match). And that's exactly what we'll do. Another thing is that all SSH/SCP access is also logged and the whole team gets an email immediately when it happens.
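
The external checksum monitor described in the reply above, sketched as an added example (not code from the thread or from the project it discusses). The asset paths, file contents and function names are constructed for illustration, and `fetch` stands in for an HTTP GET issued from the monitoring host.

```python
import hashlib

# Constructed sample assets standing in for the files deployed on the main server.
DEPLOYED = {
    "/index.html": b'<script src="/js/wallet.js"></script>',
    "/js/wallet.js": b"function login(id, pw) { return decrypt(id, pw); }",
}

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def build_manifest(assets):
    """Record known-good digests at release time; keep them on the monitor only."""
    return {path: sha256_hex(body) for path, body in assets.items()}

def check_assets(manifest, fetch):
    """Fetch each asset the way a browser would and compare it to the manifest.

    Returns a sorted list of (path, reason) alerts; an empty list means all clear.
    HTML pages belong in the manifest too, so an added <script> tag is caught.
    """
    alerts = []
    for path, expected in sorted(manifest.items()):
        try:
            body = fetch(path)
        except Exception:
            # A missing or unreachable asset is also worth an alarm.
            alerts.append((path, "unreachable"))
            continue
        if sha256_hex(body) != expected:
            alerts.append((path, "checksum mismatch"))
    return alerts

def demo():
    manifest = build_manifest(DEPLOYED)
    served = dict(DEPLOYED)              # what the main server returns right now
    clean = check_assets(manifest, served.__getitem__)
    # Simulate drift: one file changed by a few bytes, another one gone.
    served["/js/wallet.js"] += b" /* modified */"
    del served["/index.html"]
    changed = check_assets(manifest, served.__getitem__)
    return clean, changed

if __name__ == "__main__":
    print(demo())
```

The check covers only what the server returns to the monitoring host, so the requests should look like ordinary browser traffic and come from an address the main server does not treat specially.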



