This thread is getting severely derailed. Security concerns are ok, but there's a point where it's just grasping at straws to prove a theory.
The more autonomous a site is, the more difficult a hack would be. Vlad's site would have no backend to hack. There's no need for one to exist. The hacker would either need direct access to the server's filesytem or a method to hijack DNS servers to point to their own server.
Packetsniffing is a moot point since the entire infrastructure of the internet is based on devices that route packets that are marked to go to X network specifically through port Y. The only way packetsniffing may be a problem is if the user is on a public wireless network, in which the entire communication is broadcasted with no encryption and no control over what receives it.
I recently updated the site to use jszip so the whole thing is now done in the browser and nothing is being sent to the server.
I agree that having a site that supposedly does something "as simple as zipping up some plain text" should not need a server to take the request and package the zip for you, but back in 2011 I don't think this functionality was mature enough to utilize.
Anyway I did redesign the layout a bit and for now dropped showing the extra TOC fields since it's probably not the biggest reason someone would use it anyway.
If you have some suggestions I wouldn't mind to see if I can implement them.
I for one will miss the ability to see/adjust the .toc "on site".
When sending someone to addon.bool.no (which happens semi-regularly on the WoW UI and macro forum) it's quite easy to describe what they will see/click/do all in one place and not have to add "and now open the addon folder, find the .toc file, open in an editor, yes, notepad will do..........
Which is also a back handed way of saying thank you for keeping the site going, it is greatly appreciated and a great resource to the community .