RE: HiveSigner is INSECURE? - discussion and deep dive

Yes, it doesn't send keys to server, just in local browser encrypted.

Localstorage generally same safety as your device, they are bound to website you visit only (in this case hivesigner.com), unless someone injects xss code into hivesigner website/codebase (which is highly unlikely) or install unwanted browser extension (user's choice) stealing from localstorage shouldn't be possible plus if you encrypt it in localstorage that's extra security also.