I understand the point in the general case but I don't think you could exploit it in this case. Nonetheless it would still be nicer if the application would tell me that someone tampered with the message instead of making me infer it from the fact that it partially decoded into garbage. Thanks!
I will add in a hmac if the ciphertext and IV and alert the user if the message has been tampered with. I will have it updated within the next week.
Thanks for the constructive feedback. This is why I posted it here and made it open source so I could get peer review, make the utility better and learn a few things along the way.
One thing I would really suggest is to get rid of all this conversions between strings and byte arrays, this adds unnecessarily complexity to the code. Convert messages and passwords to byte arrays as soon as you get them, preferably using a Unicode encoding to support foreign languages, and then only work with byte arrays for everything until you finally want to output the encrypted message where you probably want to Base64 encode it. Especially I did not understand why you have these ugly methods in ByteHelpers when you already have Encoding.GetString() and Encoding.GetBytes() and you are using them in some places.
