Add security information

2022-12-20 01:27:10 +01:00 · 2022-12-20 01:27:10 +01:00 · 3626ca6258
commit 3626ca6258
--- a/README.md
+++ b/README.md
@ -95,6 +95,10 @@ Currently not in a reliable way, but:

 Feel free to create an issue here on GitHub and I will look into it.

+**Is this safe to use?**  
+This project is open source. Anyone with some programming knowledge can check out the source code, either here on GitHub or by extracting the addon file from the addon stores.  
+Considering the implementation of the features, I am not aware of any noticable risks. Efforts were made to prevent instance admins from abusing this addon to simulate mouse clicks and therefore perform actions on the users behalf (which already was a really specific and rather low risk). Also, FediAct stores all your data in your browser locally. The only sensitive data it stores is your API token, which it grabs from your home instance and is required for all features. This token is **only** sent to your home instance (which is same when you use your home instance). No other data ever leaves your device by using FediAct. As far as I know, the external instances can not access the requests made by FediAct and can therefore not gain your token.
+
 ## Screenshots / GIFs
 v0.8.0
 <details>