Could you explain why the current implementation fetches user-specific chats using the ROPC mechanism? As ROPC is considered an insecure approach and is especially problematic for federated accounts.
Indeed it's a problem. We're looking if we can prioritise fixing this, but no ETAs are available yet.
So there is no specific reason for this implementation , I thought there might be limitation on the APIs or other dependencies.