Comment by rakoo

> The security of this is somewhat questionable. On client device the notes are stored in plain text, so even another user from the same machine can read them

Depending on the threat model this might not be an issue. For my particular case where the notes must be kept away from ultra-capitalist companies it's more than enough

> Giving we know the username AND that the salt is always 32261572990560219427182644435912532, it is really a hash crackable in minutes

This is way way more worrying