Client information, tokens and the sort are stored using Apple’s Keychain security, locked down with limited access
Authentication uses the expected state key which is hashed before being stored
I do plan on enabling app-level passcode access to à la app at a later date
Happy to take suggestions on how to make it even more secure though