Saturday, May 19, 2012

Hijacking JavaScript

It is possible for the JavaScript that encrypts your message to be hijacked by a hacker on delivery. The hacker can then inject code into the JavaScript to do whatever he wants. Although this is unlikely, you shouldn't post sensitive information on deadrop.us without using "SSL". You can do this by visiting https://deadrop.us and accepting the warning or by visiting https://deadrop.herokuapp.com. You will not receive a warning on the latter, even though they are the exact same website, because the key is signed for this domain (*.herokuapp.com). This will ensure that the JavaScript originated from the proper server and that it has been encrypted to prevent manipulation on delivery.
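To make the delivery risk concrete, here is an added example (not code from deadrop.us) that lists which scripts of a page travel over a channel that is not protected by TLS and could therefore be altered in transit. The function name, the script path `/js/encrypt.js` and the sample HTML are assumptions made up for illustration.

```javascript
// Added example: report every script of a page that is delivered without TLS.
// Simplified tag scan for illustration, not a full HTML parser.
function auditScriptDelivery(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];

  // Inline scripts arrive inside the page itself, so they inherit its transport.
  if (page.protocol !== 'https:') {
    findings.push({ target: page.href, reason: 'page served without TLS' });
  }

  const tagRe = /<script\b([^>]*)>/gi;
  const srcRe = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const src = srcRe.exec(tag[1]);
    if (!src) continue; // inline script, already covered by the page check
    const raw = src[1] ?? src[2] ?? src[3];
    let resolved;
    try {
      // Relative and protocol-relative URLs inherit the page's scheme.
      resolved = new URL(raw, page);
    } catch {
      findings.push({ target: raw, reason: 'unparseable script URL' });
      continue;
    }
    if (resolved.protocol !== 'https:') {
      findings.push({ target: resolved.href, reason: 'script fetched without TLS' });
    }
  }
  return findings;
}

// Constructed sample page; the script path is hypothetical.
const SAMPLE_HTML = '<html><script src="/js/encrypt.js"></script></html>';

// Same markup, two ways of visiting the site.
console.log(auditScriptDelivery('http://deadrop.us/', SAMPLE_HTML));  // two findings
console.log(auditScriptDelivery('https://deadrop.us/', SAMPLE_HTML)); // no findings
```

An HTTPS page that still pulls a script from an `http://` URL is reported as well, since that one script is delivered unprotected.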
