[ANN] Keything new version

Chris Muller chris at funkyobjects.org
Thu Nov 10 18:38:20 UTC 2005


> Well, given that I doubt this is in widespread use already - how  
> sensible is it to support two versions of the keything file? I'd  
> rather keep it as simple as possible, which is a good thumb rule for  
> security analysis anyway.
> 
> Also, it's not really extensible - suppose I wanted to store the  
> passwords using my OS's password vault instead, how would I do that?  
> Or do you think we need a separate password manager registry thing  
> which would delegate the password request to Keything or something else?

Since simplicity helps with security (analysis), it's probably good not to
complicate Keything or any other vault with a technology-independent
extensibility layer (although a tech-dependent one might be nice).  People who
want to use multiple vault technologies can write their own external
Facade/Adapter that sits above or wraps the vaults to their need.

Having said that, it does seem crucial that one be able to control where the
private passwords and capabilities vault files are kept.  This is the boundary
where responsibility for secureness transfers from the software to the user;
shouldn't the computer help the user with management at this juncture as much
as possible?  I don't see why it would require two versions, and it doesn't
seem to add much complexity.

Besides being platform-specific, use of OS-level vaults rather "hides" the
implementation compared to a straight open all-Smalltalk solution, making
analysis difficult.





More information about the Squeak-dev mailing list