Hi @imnev,
The odrive client has an “odrive trash” feature that is a safeguard against unintended deletes. This is especially handy for utility/infrastructure storage like S3 that doesn’t have a default “trash” feature typically found in consumer storage services. You can find the odrive trash in the odrive tray menu. When you empty it, the deletes will be executed against your cloud storage. You can find out more about this here: https://docs.odrive.com/docs/sync-changes#empty-trash
For security, we generally refer to the credential storage in reference to OAuth logins. We only allow OAuth-capable sources to be used to login to odrive and these services make up 98%+ of odrive links. For services like FTP and Amazon S3, where OAuth is not available, the information needs to be stored, as you stated. This thread goes into this a bit more: Odrive security (passwords, connection info, OAuth, etc)
If you can point me to the policy statements you are referring to, when you get a chance, I can see what we can do to add additional clarity.