the best way to handling account and trustline creation between FrontEnd BackEnd
I recently got into a heated argument with a coworker about the decision to whether we include stellar operations in the frontEnd part or the backend part. In our system we create the account on behalf of the our user and store both public key as plain text and private key encrypted with a passcode that only the user knowns.
since creating the account involves encrypting the private key, I argued that it would be better to make the our client send the passcode via a POST request to our server and the latter would handle all the encryption, account funding and trustine creation if any. my coworker argued that it would be much private (not create a honeypot) and less complicated to actually create the account, create the trustlines and do the encryption all in the browser side.
I want to ask which is the best idea, especially if we also need to import the private key of the distributing account to handle the transaction of account funding on creation.