don't give blank-signing access to apps you can't trust -- I think this will be an ongoing lesson for people in the next decade -- but it's irrelevant of whether this is money or your identity -- you simply shouldn't do that without, at lease, getting a sample of what the app is asking you to sign. This is the same idea as WoT -- you can fool some people for a very short-lived time at great expense. That said, that's why I also added the concept of having a user-level passphrase on a wallet -- you could have no passphrase on low amounts, and as soon as you get to a certain limit your app is instructed to move to a cashu wallet that requires a passphrase to decrypt the proofs.