Sir_Cmpwn

Not that it matters. They could silently replace it with a backdoored script and your browser would never tell you it happened.

And to preempt the ProtonMail rep who is probably going to respond to this comment, I know that you can run the web app on localhost. But that doesn't mean that users who don't are any more secure.

Sephr
Hopefully web packages⁽¹⁾ can eventually solve this issue.

1. https://github.com/WICG/webpackage