I think the parent comment is talking about a defense-in-depth approach: if crypto is your only defense against a worst-level outcome, you don't have any grace if your adversary can exploit a crypto weakness. With perimeter defenses you have a little more leeway in responding to eg leaked keys or other problems. Also presumably you know who might have retrieved the encrypted data, and therefore who might be doing offline attacks against the data.

There are totally use cases where having encrypted data at publicly retrievable, even well-known URIs makes sense, but there are other use cases where you want some level of network security as well.

Anytime.

Re your question: of course. There are some things to consider:

1. These files do seem to have some persistence on either the sender’s, the recipient‘s or a shared machine. With long persistence in several places, the risk of unwanted access is being elevated. (Cloud instances and identity providers get popped, machines get viruses, etc) 2. As mentioned by a sibling comment, the encryption is your only layer of protection. 3. Browser’s are probably one of the top three targets of vulnerability researchers at the moment. They were at the number one spot 2-3 years ago.

When a vulnerability is found in the implementation, the missing controls become a problem. Your quote about 0days is certainly correct. At some point it won’t be an 0day anymore though, and it’s hard to convince people to rummage through their hard drive to delete some files.