Marlinspike said he thinks Mega users fundamentally don't care that much about security since they're just interested in file sharing. Since Mega will just see encrypted data on their servers, the setup appears to absolve the site's founders from the copyright infringement issues of Megaupload.
"All that matters is the operators of Mega can claim they don't have the technical ability to inspect the contents on the server for copyright infringement," Marlinspike said.
Like any new online service, Mega's code is already being prodded. On Sunday, it was revealed the site had a cross-site scripting flaw, which in some cases can allow an attacker to steal a user's cookies, which would allow at least a temporary takeover of a victim's account. It was quickly fixed.
"XSS issue was resolved within the hour," wrote Bram van der Kolk, one of the founders of Mega and Megaupload, on Twitter on Sunday. "Very valid point, embarrassing bug."
Efforts to reach Mega were not immediately successful.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk