MiniPHP secure unlock

Honest boundary: the server does not store your password/hash/unlock key, and encrypted files are unreadable at rest. But if the server code is already malicious, it can steal anything the client sends during that request. For full server-blind mode, decrypt and run bytecode in the client/Android interpreter.