So, I wanted to withdraw my BCH from my addresses but I don't want to trust electron-wallet with my private keys, but I also don't have the space on my hard drive nor the bandwidth to download the whole blockchain in case I wanted to use BitcoinABC wallet. What I launch a Google Cloud VPS and download the BitcoinABC wallet there. So my question is
I find it interesting that people seem to think that BitcoinABC is more trustworthy than ElectronCash and are more than happy to download the ABC binary and use that, than they are to download the ElectronCash binary and use that... As far as I can tell, both are pretty much equally unproven... sure, they're both open source... but as far as I'm aware, there is still no really good reason to trust one binary over the other?
If electron cash does steal the private keys (a lot of sources say they might do it, so I want to be safe)
Honestly, I see a lot of this "but sources say they might steal keys"... I have not actually seen one person show ANY proof that ElectronCash can or might steal keys... sure they copied wallet files from default data directory, which was a pretty stupid thing to do, but I understand why they did it... but there isn't anything in the source code to point to anything malicious... it was a fork of Electrum with some code changes to make BCH work.
And yes, the binaries *could* be totally bad and evil... but the sources look clean... and this is true of pretty much ANY wallet software... BTC, BCH, ETH etc... There is a lot of fear and FUD floating around...
At the end of the day... if you want your BCH, you are going to have to put your BTC seed or private key(s) into a BCH client at some point... Personally, I think I'd rather download the ElectronCash source and either compile it myself or run from sources than use a binary from any of the BCH clients. At least that way you can be 100% sure that the code you are running, is the code you can see... And it's relatively simple to do (note: much easier on Linux than Windows)
Alternatively, you could create an offline, sandboxed (airgapped or non network VM or non network Live distro etc) version of the BCH client with your seed/private keys... and then use an Online version of BCH client with xpub/public keys to create watching wallet and create unsigned transaction... transfer unsigned transaction to offline version of BCH client... sign transaction... transfer signed transaction back to Online client and broadcast it.
Then destroy the offline client (a live distro with no persistence would be the ideal scenario, as you'd just need to power the machine down to wipe the RAM, others would require special care to ensure you had thoroughly wiped the data from storage media)...
I believe that should mean that your key exposure is minimised... and there is no chance for a rogue client to transfer your keys elsewhere.
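A check that fits the offline-signing round trip described above, as an added example that is not part of the original post: before broadcasting, confirm that the signed transaction coming back from the offline machine spends the same coins to the same outputs as the unsigned one you created. It assumes both are plain legacy raw transactions in hex (a wallet's own export wrapper would need its own decoder); the function names and sample transactions are constructed for illustration.

```python
# Added example; assumes both inputs are plain legacy raw transactions in hex.

def _varint(b, i):
    """Read a CompactSize integer at offset i; return (value, next_offset)."""
    n = b[i]
    if n < 0xfd:
        return n, i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[n]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def parse_tx(hex_tx):
    """Return (inputs, outputs): inputs as (txid, index), outputs as (satoshis, script hex)."""
    b = bytes.fromhex(hex_tx)
    i = 4                                   # skip 4-byte version
    n_in, i = _varint(b, i)
    inputs = []
    for _ in range(n_in):
        txid, index = b[i:i + 32][::-1].hex(), int.from_bytes(b[i + 32:i + 36], "little")
        slen, i = _varint(b, i + 36)
        i += slen + 4                       # skip scriptSig (signatures live here) and sequence
        inputs.append((txid, index))
    n_out, i = _varint(b, i)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(b[i:i + 8], "little")
        slen, i = _varint(b, i + 8)
        outputs.append((value, b[i:i + slen].hex()))
        i += slen
    if i + 4 != len(b):                     # only the 4-byte locktime may remain
        raise ValueError("not a plain legacy transaction")
    return inputs, outputs

def same_payment(unsigned_hex, signed_hex):
    """True only if both transactions spend the same coins to the same outputs."""
    return parse_tx(unsigned_hex) == parse_tx(signed_hex)

def _sample(script_sig, value, dest):
    """Constructed sample: one input, one pay-to-pubkey-hash output."""
    txin = b"\x11" * 32 + bytes(4) + bytes([len(script_sig)]) + script_sig + b"\xff" * 4
    script = bytes.fromhex("76a914") + dest + bytes.fromhex("88ac")
    txout = value.to_bytes(8, "little") + bytes([len(script)]) + script
    return (b"\x01\x00\x00\x00\x01" + txin + b"\x01" + txout + bytes(4)).hex()

UNSIGNED = _sample(b"", 50000, b"\xaa" * 20)
SIGNED = _sample(bytes(72), 50000, b"\xaa" * 20)      # placeholder bytes, not a real signature
TAMPERED = _sample(bytes(72), 50000, b"\xbb" * 20)    # same amount, different destination

if __name__ == "__main__":
    print(same_payment(UNSIGNED, SIGNED), same_payment(UNSIGNED, TAMPERED))
```

The comparison ignores the scriptSig, which is the only field signing is expected to change, so a mismatch means the destination, amount or spent coins differ from what was prepared.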