All good points. This is the sort of thing we should present to the OP.
- snip -
If someone wants to steal coins from a blockchain.info wallet he needs the encrypted wallet file and the password too. But the key difference is that with blockchain.info anyone who knows the wallet identifier can get a copy of the encrypted wallet file.
- snip -
I would hope that anyone using blockchain.info would be using two factor authentication, but as I said earlier: "safety and security will often end up depending more on your processes and habits than which wallet you choose to use"
Also blockchain.info's servers are always online and everyone knows that there's gold there so its akin to carrying a giant sign board that says "Hack Me And Get RICH!"
Although all hacking their server will get you is a pile of encrypted data. You'd still have to guess everyone's passwords to actually access any of it.
A few things:
One I was comparing like to like. Getting encrypted wallets from some individual's computer vs. doing the same from blockchain.info.
By broadcasting that it holds lots of wallets blockchain.info is inviting trouble. An individual does not do that or if he does his system is harder to track. I suppose this the old security via obscurity argument.
If hackers compromise blockchain.info they won't just get the encrypted wallets. They can also put up a phishing site in its place and get people's passwords.
There is another possibility and that is that you loose your coins not because of some thief but because of hardware failure, accidental deletion of wallet file, natural disasters etc. So which of the wallets are safer in that case? Armory and electrum are deterministic meaning you can make paper backups that can restore all the coins (except imported private keys).
(emphasis added)Which would be why I stated: "By importing a private key you are already choosing to forfeit a key safety feature that Armory provides (deterministic addresses)." Because the OP is choosing to import adresses, they now have to store complete backups of the wallet somewhere and not just the paper backup of the seed. If they store those backups on the internet somewhere, then they are doing the same thing as blockchain.info (storing encrypted copies of the wallet online where it can be accessed by hackers).
You can always backup to an external storage medium. You don't have to backup to the cloud.