Make sure plain private key is erased in memory on locking
Because JS has a garbage collector which manages memory we have no control whether/when GC will erase plain private key after unlock.
The solution could be couple the decryption of
encryptedSeed with the native
sign function (which called
brainWalletSign now and takes the plain seed) and make sure to override used private key (seed) with zeroes.