Security and Privacy Evaluation of Crabgrass

After discussing Riseup Email in this thread, I want to discuss the next service provided by the Riseup Collective: Crabgrass.

It is described as “private wikis and group collaboration” and enables users to form and work in groups. Its functions include wiki pages, group discussions, file uploads, polls, votes, task lists and group management with various hierarchies. It can be used in both clothed and open settings and offers a .onion address.

More info about Riseup in general can be found in the thread about Riseup Email I linked above.

Now, this is not a tool suggestion because the Minimum Requirements for Productivity Tools include support for password-protected files, which Crabgrass doesn’t really have. However, I’d still like to know your thoughts on the security and privacy of using Crabgrass.

Like all Riseup services, it’s clearly targeted towards and somewhat widespread in activist circles. This means that for Crabgrass users, a threat model including above-average risks and threat actor motivation can be assumed. Do you think Crabgrass meets those demands? Is something important missing, and do you think there are alternatives that provide clear benefits for the Crabgrass target audience?