The web wallet allows you to access your wallet and make transactions via a web browser.
Encrypted using a password of your choice and stored in local storage
Encrypted using a password of your choice and stored in folder in your computer
Uses a "trusted" remote node to sync with the blockchain and validate the consensus rules, and relays signed transactions on its behalf
The client runs a full node and validates the consensus rules of the blockchain independently
Is via a web browser, which can be compromised in multiple ways such as
* having a malicious Chrome Extension
* If the server that is serving the client gets hacked, the hacker could deliver a version of the website that steals your seed.
* Phishing - someone could create a website with a domain that looks very similar to the real official wallet domain and serve a malicious version of the wallet.
You download a desktop application to your computer once from a trusted source.
Only use a computer that you are sure is not infected with a virus. Viruses such as keystroke loggers can steal your 24 word mnemonic phrase while you are typing it.
You should use a web browser with as little as possible extensions or none at all - and only if you completely trust those extensions. Preferably you should use a browser without any extensions.
Bookmark that url of the web wallet (https://wallet.zp.io) and always access it by clicking the bookmark.
You may run the web wallet client locally independently in order to remove the risk of a phishing attack - here are the instructions for doing so.
If you would like to go over the code that secures your 24 word mnemonic phrase and signs transactions you can go over the code references here.