FWIW you can look at the network traffic in your browser devtools and verify that only the public key is being sent to them. You can even hit their API endpoint with the public key you want to add manually, I just tried it and it worked.
Either way, if you don't trust them it hardly matters if your connection to their server is secure - they're the ones decrypting it!
bspammer|2 years ago
Either way, if you don't trust them it hardly matters if your connection to their server is secure - they're the ones decrypting it!