What can we say about a javascript encrypted messenger client. Don't expect so much from it, it was done for testing purpose in the beginning. If it's living inside the browser it's always at risk.
Also, like whatsapp (which I don't use), it's running a custom xmpp server. [whatsapp vulnerable](http://geeknizer.com/how-to-hack-whatsapp-messenger/)