Security is a super important topic for us. There are various levels of security here.
First of all the connection from Alby to a wallet. That's one reason why Alby can connect to different backends. This allows you as a user to choose whatever setup you are happy with. For example, depending on your setup you can connect to LND directly or create a special limited account with something like lndhub or lnbits. (btw. we also push the development of a new lndhub implementation for this)
Then there is the connection from the website to Alby. Alby always prompts the user before a website can interact with the wallet.
Here we plan to have an extensive permission system with detailed control and transparency for the user.