We don't believe in security by obscurity.

If you find a bug in Earendil that can break its security, feel free to publicly post a GitHub issue, especially if you have a pull request to fix the vulnerability. This will help us and the community fix any issues as quickly as possible.

That being said, Earendil is very alpha-quality software and should not be depended on for security-critical applications.