Frames are very cool, but can someone help me understand the security model? What’s the risk associated with malicious frames? I hope there aren’t wallet-draining possibilities here, but would love to have that confirmed.

None in the current design. It's just a widget that renders some pictures and buttons and sends you a predefined EdDSA signature. 

Privacy wise, assume everything you do inside a frame is visible to the developer. Similar to the general Farcaster model where most actions are public.

Technowatermelon. Elder Millenial. Building Farcaster. 

nf.td/varun

Is the only input a user can send the data about where they clicked? I.e. can’t send a text string or a seed phrase or any user generated data like that?

Cohost /gmfarcaster livestream Farcaster news show 🎙️💬 Founder Tenger Ways, bringing joy into work with DevOps practices 🤗 mom x 3 💗

Got it. so very safe - if not private- in its current form. 🙏