- Do not know whether SJCL should be seeded properly or whether it seeds itself automatically
- Gotta make sure the Meteor server only publishes the right data to the user
- Meteor Cursor reactivity can mess up our hash checks if the data changes after we check it and we then include the changed (and, as a result, unverified) data in a hash or signature.
- Can the server trick me into using another friend's friend key when it comes to encrypting/decrypting stuff?
- I think right now we don't bind the friend key to the friend's username
- Bind profile IDs to their ACLs properly.
- False positive ACL verification failures due to Meteor's reactivity
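
The check-then-use gap from the reactivity item above, as an added example that is not code from this project: `LiveCollection`, the field names and the sample document are hypothetical stand-ins for a reactive Meteor collection, and Node's built-in SHA-256 is used in place of SJCL so the block runs offline.

```javascript
// Added example; all names and data are constructed for illustration.
const { createHash } = require('crypto');

// Serialize fields in sorted key order so equal documents hash equally.
function canonical(doc) {
  return JSON.stringify(Object.keys(doc).sort().map((k) => [k, doc[k]]));
}

function sha256Hex(text) {
  return createHash('sha256').update(text, 'utf8').digest('hex');
}

// Stand-in for a reactive collection: read() hands back the live object,
// which a server-side update can change at any moment.
class LiveCollection {
  constructor(doc) { this.doc = doc; }
  read() { return this.doc; }
  serverUpdate(fields) { Object.assign(this.doc, fields); }
}

// Unsafe: checks one read, then uses a second read of the live data.
function verifyThenReread(coll, expectedHash, afterCheck) {
  if (sha256Hex(canonical(coll.read())) !== expectedHash) throw new Error('hash mismatch');
  afterCheck();                  // a reactive update lands here
  return canonical(coll.read()); // changed, unverified data is returned
}

// Safe: copy once, verify the copy, and use only the copy afterwards.
// (JSON round-trip is enough for flat, JSON-safe documents like the sample.)
function verifySnapshot(coll, expectedHash, afterCheck) {
  const snapshot = Object.freeze(JSON.parse(JSON.stringify(coll.read())));
  if (sha256Hex(canonical(snapshot)) !== expectedHash) throw new Error('hash mismatch');
  afterCheck();                  // same update, but the snapshot is unaffected
  return canonical(snapshot);
}

function demo() {
  const original = { owner: 'alice', acl: 'friends-only' }; // constructed sample
  const expected = sha256Hex(canonical(original));
  const a = new LiveCollection({ ...original });
  const unsafe = verifyThenReread(a, expected, () => a.serverUpdate({ acl: 'public' }));
  const b = new LiveCollection({ ...original });
  const safe = verifySnapshot(b, expected, () => b.serverUpdate({ acl: 'public' }));
  // Hash of what each path would go on to sign or include in a further hash.
  return { expected, unsafeHash: sha256Hex(unsafe), safeHash: sha256Hex(safe) };
}
```
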