Cashu tokens are a bearer instrument so if someone reads your unencrypted token they can spend it without your knowledge. There are many solutions: encrypt the token is an easy one but you pay up front in client side CPU cycles. Another easy solution is to use NUT-11 p2pk locking. This is essentially a smart contract that lives server-side and adds an unlocking script to the tokens. This puts more of the CPU burden on the server in a pseudonymous way. Normally this would add a trust assumption but cashu is already a trusted system so it's generally a better tradeoff. You can also lock tokens to someone else's pubkey non-interactively. Yuge! There is also an economic argument against a bitaxe SE. Secure enclaves are not cheap and the bitaxe hardware just isn't that powerful. It might take a decade to pay back the additional up front investment to add a SE to the hardware. Or it might never pay itself back. Not a great return on security investment. With generic hardware that does more than mine or a much more powerful miner it might make sense. We're getting there! I saw NerdAxe has a 75W 5TH miner now (or soon?). 🤤 Somebody is working on a router with a built-in ASIC and ad-hoc WiFi pay-as-you-go API. Might be worthy of a SE...? idk

I don't get how trying to finding the next BTC block is connected to getting cashu tokens. Is the idea that you'd be using a pool and instead of the pool paying out on chain, or over lightning, that they'd issue you cashu tokens instead?