Frames are very cool, but can someone help me understand the security model? What’s the risk associated with malicious frames? I hope there aren’t wallet-draining possibilities here, but would love to have that confirmed.

None in the current design. It's just a widget that renders some pictures and buttons and sends you a predefined EdDSA signature. 

Privacy wise, assume everything you do inside a frame is visible to the developer. Similar to the general Farcaster model where most actions are public.

Technowatermelon. Elder Millenial. Building Farcaster. 

nf.td/varun

any possibility of that EdDSA being usable on a EdDSA chain like Solana if the user has a wallet on Solana with the same derivation path?

we haven't yet figured out a model to allow safe transactions within frames, but plan to

1. the probability of deriving a usuable key with balance is insanely low. 

2. even if you could do it, frame signatures are a narrowly specified protobuf signature, not a general purpose signature. so you can't create arbitrary transactions with it.

I'm talking about a malicious use case. 
i thought the idea to use eddsa instead of ecdsa was to ensure that the Frame signatures can't be used for the wallet. my question is, wouldn't the eddsa signatures be useable on a eddsa chain if the user has an account on  that chain using the same derivation path?