I don't know what you mean by insufficient protection, but as I said, a proper E2EE implementation provides sufficient protection. A symmetric encryption scheme that satisfies IND-CCA2 with a high-entropy key is infeasible to decrypt without knowledge of the key. These are well-understood basics of cryptography. LastPass failed at the high-entropy key part / slow password hash, but also leaked metadata in plaintext. Pretty much all other password managers don't have this issue, both local and cloud-based.
- Use apply (in chat) or composer only if you’re more interested in finding a quick solution than the risk to local code. Often Cursor removes important comments by default.
- Use chat. Create new chats when it doesn’t have the latest version of your code or history/shadow workspace is confusing it. Add relevant files or @Codebase or both.
- Learn to undo. Use git and check out the files/directories again if needed. I don’t use composer, so files never get deleted.
- Autocomplete is often fairly terrible and regularly gets in the way of trying to see what you’re typing or trying to view. Hit the escape key regularly.
- Use Claude 3.7 for regular coding and 3.7 Thinking for larger things to solve.
This is honestly the only part of this that matters if you do it right. Use composer, but only on a clean git tree. Apply, then look at the git diff and correct anything you don't like. Test it and commit it, then repeat.
Composer and apply are only dangerous if you're not committing regularly. If you never run them while you have uncommitted changes, you can't lose working code.
If insufficiently protected, any attack surface may be compromised. It’s just a matter of time, resources, and will.
“The only winning move is not to play.”