Hi Dickon
We send an encrypted account key via email. We also use TLS encryption for all our emails and the email system is completely separate from our own mSecure servers. We do all this to ensure that your information is not compromised even in a less than secure environment. The reason we email the authentication email in the first place is because customers will often not read how important our account key is and how they should have it and not lose it in order to be able to sign in to their mSecure accounts moving forward. If you only kept it in the app or only provided an option to save it locally, more customers would lose access to their mSecure accounts than they already do and that would not be a good experience for customers.
Dickon
Email is probably one of the least secure methods of transmitting information, but perfect for giving data to any criminal or government agency that would like it.