I signed up kbin.social but have since decided to go all in on Lemmy. I’ve tried all day to delete my account on kbin but it won’t let me. Once I click the delete confirmation pop up it simply reloads the feed and keeps your account.
Be warned. Currently you have no control over your data there. I think that settles it for me. I won’t be using that service again.
If passwords are hashed on the client side and sent to the server to authenticate, then all an attacker would need is the password hash and not the original password to authenticate. So it could protect your original password but not your account.