Everything's connected to the internet, what the OP was talking about was attack vectors and since Transmit is a local app it really isn't one unless your whole machine is compromised, which in that case you're screwed.
There are lots of ways a local app can be compromised. It can read a local config value unsafely which can be influenced by some other app that does talk to the Internet, for example.
There's a reason why airgapping is the only way to secure important systems (and of course that can also have a number of vulnerabilities).
And besides, how do you know it's a local only app if you haven't audited it?
psd1|1 year ago
If it makes outbound connections and you control DNS, you own it.
I imagine you could do this sitting in a café with an open hotspot.
Ferret7446|1 year ago
There's a reason why airgapping is the only way to secure important systems (and of course that can also have a number of vulnerabilities).
And besides, how do you know it's a local only app if you haven't audited it?
"Just trust me bro" -- some dev