Looks like some useful tools over there. What's missing for me is some data security declaration for where and how long data is stored and how the data is passed to third parties (AI?).

The reasoning I heard (in finance apps context) is that while not stopping committed attackers, at least some script kiddies will be stopped without ever hitting the server side of things.

It's kind of pointless in my opinion as you should be able to reverse engineer the way things work with MITMing the server communication, but I guess burning developer resources is still fine to sell "our app is extra hardened" to the public or something.