same can be said for PGP even.
if you arent developing something that forces implementations to use sane defaults, you aren't developing security.
the difference is that even if you use the command line tool, you still have to load the gun before you can shoot yourself in the foot
see an auth error? maybe just rm that file
A Mastodon instance for info/cyber security-minded people.