Security of new mobile on-boarding

I really enjoyed the new onboarding experience using the web app browser, including the free .id.blockstack handle. But when I received the recovery password in my email, I wondered how secure this solution is. I know that the link is probably safer for a “normal” user to keep than the 12-word passphrase. But unless the user has picked a really strong password (likely?), that link stored (permanently) in the email seems like a very insecure solution.

What are your thoughts?

