How secure is CryoJS?

We know that CryoJS is not perfect and there is little we can do to make it perfect. Instead, we have attempted to make a system that prevents against current attacks. Good security like SSL costs money to implement so CryoJS provides some security for websites that can not afford SSL.

CryoJS was made to prevent simple eavesdropping or packet sniffing attacks where a person could steal your login information or credit card number simply by watching your connection. We implement public key cryptography which makes attacks to steal this information much more involved. Instead of simply listening to the information that is sent, an attacker must actively trick CryoJS by preforming a man in the middle attack.

While I would not send my credit card information over a CryoJS connection, it is a simple step to make sure that account passwords that would normally be sent without encryption get some security against primitive attacks.