This is a problem everyone in the security space faces.

We used to work as security consultants, so we're more experienced than most, and we're working hard to be transparent and above board.

As we grow, we'll definitely be conducting regular audits of our infrastructure.

Maybe a PGP key instead of a javascript form for submitting a secret to setup the account?