"There's a problem with doing #cryptography in a web #browser, where an end user cannot (or will not) verify the entirety of code sent to them upon loading a page - a service operator can therefore inject malicious code into a previously verified page." https://crypton.io/docs/