High-risk-context guidance (spec §15.12.4)

This is a custodial-web wallet: your credentials and signing key live on this server, not on your device. A wallet operator that holds your credentials is a new entity in your threat model. If any of the following describes you, this wallet shape is not the right default for you, and you should use a device-bound wallet or wait for an EUDI-class wallet instead:

• You are a source for journalists, protecting source identity.
• You are a member of a dissident network under hostile-state surveillance.
• You belong to a marginalized community (faith, identity, sexual orientation, immigration status) where membership disclosure carries safety risk.
• You are an activist in a context where authentication-event logs at a custodial-web operator could be subpoenaed or compelled.

This is positioning guidance, not a hard restriction; the protocol cannot enforce wallet-shape choice.