> Even in your preferred case, you're typing your passwords into a closed source browser on a closed source OS.

One could argue that iOS / Mobile Safari are both under incomparably more pressure to remain secure compared to any individual app, but you're totally right on a fundamental level. The truly paranoid should demand openness at all layers.

> You have to trust someone at some point.

Whole 'nother debate. ;)

> Panic also seems to be a quite reputable company. They've been in the Mac software business for a long time.

No doubt about that. I wasn't insinuating anything about their intentions (this didn't even occur to me until your comment). Just that an SSH client is a pretty complex piece of software, and there are plenty of ways to make mistakes. We've come a long way since the days of telnet and scrutiny / skepticism has played a big part in that.

Panic has had SFTP built into Transmit since 1998, and a full SSH terminal in Coda since 2007. So Prompt did not come out of nowhere, they have quite a bit of experience in this problem space.

Still if you are in an industry that demands careful vetting of security, I certainly agree one should not jump on a new SSH client right away.