I see security vulnerability. Generate session URL/code is able to decode encrypted password to plain text.
This is rather broad post.
What "encryption" are you referring to?
Are you using master password?
Without a master password, passwords are not protected (cannot be). They can be retrieved anytime. The "generate code" functionality makes it only bit easier. But that's actually a plus, as it makes it clear to everyone that the passwords are not protected.
You can post new topics in this forum