Developer reply by Tomasz Lewoc
Rated 4 out of 5 stars
When thunderbird is launched from a terminal the extension appears to display the access_token in DEBUG statements. This seems unnecessary and could potentially be a security risk.
EDIT: The developer has been in contact and has said these will be removed in a future release. The chance of a security breach from this is incredibly slim anyway.
The add-on is not designed to protect a user's data when their PC is compromised. What you pointed out is of little importance considering the add-on stores all of your tasks in plain text in the profile directory anyway (and all the tokens in preferences, which are also plain text). That being said, you're right about it being unnecessary, so I'll remove it in the next update. Thanks for the heads up.
To create your own collections, you must have a Mozilla Add-ons account.