1. Do not know if SJCL should be seeded properly or not or it seeds itself automatically
2. Gotta make sure the Meteor server only publishes the right data to the user
3. Meteor Cursor reactivity can mess up our hash checks if the data changes after we check it and we include the changed (and as a result unverified data) data in a hash or signature.
4. Can the server trick me into using another friend's friend key when it comes to encrypting/decrypting stuff?
   • I think right now we don't bind the friend key to the friend's username
5. Bind profile IDs to their ACLs properly.
6. False positive ACL verification failures due to Meteor's reactivity