Then you store plain text in the browser storage which is not secure. Decrypted content should not escape the memory.