Just noticed they do server-side PGP encryption like BMR, which is a big security vulnerability. Also, 20 character max passwords and pins? Really? At least they are all chars. A few weeks ago the pin could only be 4 digits. Seriously.