The scheme of work is as follows: I use the standalone version of the client. The Electrum profile itself does not exist on the computer - it is in the archive under a password. If I need to make a transaction, I unpack the profile folder to a specific location, indicate this location to the program, enter the password and get access. At the end, I close the program, again I archive the profile folder with its removal from the location.
Those. Initially, there is no folder with a wallet or a file with a phrase on the PC. Therefore, I cannot understand how exactly without this phrase and in the absence of access to the wallet file, access to transactions could be obtained.
So basically, you're using command line option
-D or
--dir to specify a custom data directory (
the "profile folder")?
If so, it'll only provide you a false sense of security since it's still connected to the internet and using a possibly compromised PC.
Even if the wallet and data directory is not in your PC at that time, the hacker will only need one chance to get your private keys or seed phrase during the times when you unpack it.
With those info alone, he can create his own wallet that can send transactions anytime he like even without using your wallet.