I agree about the security point. It is concerning that a developer of a DIARY/JOURNAL app takes security so lightly when implementing an existing (open source AES encryption algorithm that uses a custom password as a key) is not that complicated to be honest. You are basically using client side encryption using the user’s password as the key instead of a hard coded one. Also, all you need to do is warn users that if they lose their password, they will lose their data. That is what solid password managers and other journal apps that use user passwords for keys or for encrypting a randomly generated key do. In fact, I LIKE the idea that my data will be lost. That tells me someone else has no access to my data regardless of the scenario.
The analogy of storing health records etc. in the cloud unencrypted is not a valid one. Not EVERYONE is so careless with that kind of sensitive data. There are free encryption tools like VeraCrypt and other options available. Given that logic, why do we need secure password managers? Why not store all our credit card numbers, social security numbers, bank login passwords, and social media login information in a Word document unencrypted in the cloud? Why be so "paranoid," as you put it?
To make it a more fair analogy, let's put them in a Word file with the same password for EVERY person. Just like we are doing with Diarium. Wow, how hard would it be to get that key and get to that data? Perhaps by a hacker, or a cloud employee? You are unfortunately gambling with OUR MOST INTIMATE and PRIVATE information by simply saying hackers have more important things to steal. Could you imagine if they were motivated for whatever reason to hack that info?
Take any cloud service. All we need is for a hacker or malicious employee to do a simple search for Diarium files. Then perhaps blackmail people into giving them money or they will make their information public. I know you will say that is being paranoid. I am just wondering if your motive for basically dismissing your customers’ privacy concerns by almost shaming them with a comment that amounts to "you're too paranoid, calm down" is because you think there is little risk, or because you see it as low priority or too complicated to implement? In any case, lack of a solid cloud security strategy is a sad and unnecessary hit against the reputation of an app that is otherwise extremely useful and nicely done.
By the way, I have been in IT for 20 years and have been a programmer for 10+. So, I know you must prioritize bugs and new features. But next to a password manager, I would say a Diary/Journal is probably the next most sensitive thing you would not want to fall into the wrong hands.
I respect the fact that you are working very hard to stay on top of everything on your plate. I am simply saying that maybe it is time that this gets bumped up in priority. Perhaps not everyone is using this security feature, but that could be more out of ignorance about worst-case consequences, because perhaps if they knew, they would be just as concerned as your more privacy-conscious users.
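
The scheme this comment describes, a key derived from the user's password that encrypts a randomly generated data key, sketched as an added example; it is not part of the original post and is not Diarium's code. The function names, the scrypt cost parameters and the associated-data labels are assumptions.

```javascript
const crypto = require('crypto');

// Labels bound into each ciphertext as AES-GCM associated data (assumed names).
const WRAP = Buffer.from('wrapped-data-key');
const ENTRY = Buffer.from('journal-entry');

// Stretch the password into a 256-bit key-encryption key (KEK) with scrypt.
function deriveKek(password, salt) {
  const cost = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 }; // assumed cost
  return crypto.scryptSync(password, salt, 32, cost);
}

// AES-256-GCM with a fresh random 96-bit nonce per message.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key is wrong or the ciphertext was modified.
function unseal(key, box, aad) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(aad);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// The vault stores only the salt and the wrapped data key, never the password.
function wrapDataKey(password, dek) {
  const salt = crypto.randomBytes(16);
  return { salt, wrapped: seal(deriveKek(password, salt), dek, WRAP) };
}
const createVault = (password) => wrapDataKey(password, crypto.randomBytes(32));
const unlock = (vault, password) =>
  unseal(deriveKek(password, vault.salt), vault.wrapped, WRAP);

// Changing the password re-wraps the data key; entries are not re-encrypted.
const changePassword = (vault, oldPw, newPw) =>
  wrapDataKey(newPw, unlock(vault, oldPw));

const encryptEntry = (vault, password, text) =>
  seal(unlock(vault, password), Buffer.from(text, 'utf8'), ENTRY);
const decryptEntry = (vault, password, box) =>
  unseal(unlock(vault, password), box, ENTRY).toString('utf8');
```

A wrong password fails at `unlock` because the GCM tag on the wrapped key does not verify, so whoever holds the synced files without the password cannot recover the data key.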