Two days ago, a friend had access to important banking transactions I had
conducted over the Internet. I had used Epiphany to conduct these transactions
earlier. I'll try to explain, how I think the breach occurred.

Epiphany stores the history of URLs visited, as well as cookies over time. I
have no idea for how long. I am assuming my friend was able to use the back
button, I'd like to believe inadvertently, to reach my bank's website where my
user-name was already present in the user-name field. 

This is where it gets clumsy. I must have mistakingly asked Epiphany to store my
password, or the cookies must have given him direct access to the transaction
pages in question. Either way, he was able to access my private information and
a potentially catastrophic security breach had occurred.

I'd like to suggest improvements I think will prevent privacy and security
breaches using Epiphany in the future. They are follows:

1). Provide users with a means to limit the lifetime of cookies to sessions
only. Firefox, Mozilla, Internet Explorer and Safari provide such privacy options.

2). Provide users with a means to control the amount of visited URLs stored in
Epiphany. This should be set to Zero, or a small number, by default for security
purposes.

4). Provide a panic feature or option which deletes visited URLs, cookies stored
on the system, passwords stored in Epiphany and Epiphany's cache when epiphany
is closed or terminated. {*I think this is a needed security solution/option*}

5). Make the default behavior of Epiphany never store passwords. Nobody reads
the dialog (password)option Epiphany pops up. Users will just click whatever
button appears in front of them to get rid of it. Users who are tired,
distracted or are not concentrating will also inadvertently hit the wrong
button. And there is no user visible way to undo the action. If users need to
store their password, let them do so explicitly via the Epiphany's preferences.
But avoiding the dialog altogether is most effective.

I hate to think what will happen if I had accessed my bank information at a
public cafe using Epiphany. I don't even know of any insurance company that
covers loses from software hindsight. And I doubt the cafe entrepreneurs will
claim liability.

Finally, I would also like to encourage the Epiphany developers to add security
as a top priority/goal in addition to its widely popular goal of being simple to
use. I look forward to your feedback. Thank you for a great browser.