We don't believe in security by obscurity.
If you find a bug in Earendil that can break its security, feel free to publicly post a GitHub issue, especially if you have a pull request to fix the vulnerability. This will help us and the community fix any issues as quickly as possible.
That being said, Earendil is **very** alpha-quality software and **should not** be depended on for security-critical applications.