RE: The Joy of flashing the STEEM account-value!!
The main problem is the really lazy placeholder-like security system. Why do you need to have to expose your entire active key everytime you want to do anything with your wallet other than redeem your rewards? I understand you're not using your masterkey and that allows you to not have your account completely stolen, but someone doesn't need to steal your account to clean you out.
Why isn't there 2-FA for Google Authentication and Email? Just offer a selection of simple ways to reduce the risk I don't understand how they can think they can really compete with the likes of YouTube and Reddit when those people are going to be even less interested in getting serious about the security of their account than most of current society that also needs their hand held through understanding aspects of the blockchain system.
Ideally people should not need to know anything about what's going on under the hood, it should just work. It should be impossible to accidentally expose yourself to something that much of a high security risk and yet you're asked to do that everytime you need that active key. At least they created a separate system that lets you login and post with a different key. What they should have done and could still do is have the main system we're posting on now and the wallet system as visually separated. I want to have some sense of separation so it doesn't feel like my Facebook page is also my PayPal account. And why in fact do they not have a desktop wallet? It just always feels so insecure to me which is why I am so nervous about participating in the economy such as a delegating and so on even though I really want to.
So many strange design choices, but I'll stop before I get into a rant about why they didn't program a private message system or a bookmark/saved function for favourite or interesting posts you want to come back to. I get 3rd party devs can program stuff on top and create these things but I don't understand basic functions of this wasn't dome in a certain way to begin with.
If they had Ledger support that would solve the whole problem of private keys completely.