Threat Model Protects against casual reading of local database file accidental exposure of plaintext passwords in UI Does not protect against malware on the same machine compromised OS user account keyloggers stolen unlocked session weak master password leaked database + weak master password