The password would be a number of bytes. They could easily use stenography and hide it in an upload or download of the file. Or have an update that would weakly encrypt the data, or encrypt and decrypt to a key known to them, making it trivial to retrieve the data.
Without the source, their security is meaningless. You've just given a closed source application access to the network, and to your files. You've already lost the game.
Edit: Thinking about it, this is the real problem with encryption: the good is the enemy of the perfect. A 90% solution is worse than a half assed one, because you know not to trust the bad solution.
Without the source, their security is meaningless. You've just given a closed source application access to the network, and to your files. You've already lost the game.
Edit: Thinking about it, this is the real problem with encryption: the good is the enemy of the perfect. A 90% solution is worse than a half assed one, because you know not to trust the bad solution.