How view/edit notes in browser is 100% secure
We have made viewing or editing notes from browser as safe as in your mobile. Inside the mobile app, all notes are stored encrypted with the user's password. The password itself is not stored anywhere so no one else can see your notes even if they gain access to the phone.
If you use the cloud based backup, the same encrypted notes are sent to server for storage. We never send your password to the server. If you try to view a note from a browser, it will prompt you to provide the same password, pin or pattern you had used in your mobile. Once given, it tries to decrypt the note using the password you provided from within the browser using javascript. If decrypted successfully, the note gets shown to you. Since decryption happens in your browser, neither your password nor your raw data never leaves your browser.
In addition, you need to login first using your Google account which acts as a double protection. Your login is forgotten when you close the browser tab or window as well. Here's a diagram of how it all happens -
In addition to encryption, all communication between browser, cloud service and mobile is secured with HTTPS (SSL/TLS). For encryption/decryption, we use AES algorithm with 256 bit keys which provides strongest level of protection.