- cache.py: chmod the SQLite cache DB to 0o600 after creation so cached
  account and transaction data isn't world/group readable on shared
  POSIX systems (the directory was already 0o700, but the file wasn't
  locked down like session.pickle / preferences.json).
- session_manager.py: refuse to load session.pickle unless it is owned
  by the current user and not group/world-writable. pickle
  deserialization of an attacker-writable file is RCE; this closes the
  gap where another process running as the same user could plant a
  malicious pickle.
- login_view.py: stop echoing raw exception messages into the login UI
  on the generic except branch. Log the traceback instead and show a
  generic "Sign-in failed" message so upstream error text can't leak
  into the UI.

PR #5 review (Copilot) flagged two remaining gaps in the on-disk
hardening:

- session_manager.try_restore_session() previously short-circuited on
  Path.exists(), which returns False for dangling symlinks. A planted
  symlink at session.pickle would therefore skip the safety gate and
  stay on disk for a subsequent save_session() to follow. Remove the
  early exists() check; the safety gate already handles missing files
  (lstat → OSError → False). Logout's exists()/unlink has the same
  failure mode — switch to unconditional unlink + FileNotFoundError.
- cache.DataCache.__init__ validated db_path with exists(), which
  follows symlinks. sqlite3.connect() + chmod would then operate on
  the symlink target. Use lstat() to reject symlinks and non-regular
  files up front, add O_NOFOLLOW to the pre-create os.open.

Added regression tests for both cases.

Second PR #5 review pass raised three more gaps:

- cache.py had a TOCTOU: after FileExistsError from the pre-create
  os.open, we proceeded to sqlite3.connect without re-validating the
  path. A process racing us could swap the file for a symlink in
  that window. Restructured so there's always an authoritative
  lstat() check immediately before sqlite3.connect.
- session_manager.save_session was unprotected against a planted
  symlink/non-regular entry at SESSION_FILE. Added
  _prepare_session_file_for_write() that lstats and unlinks anything
  non-regular before MonarchMoney writes the pickle. Called from
  both login() and login_with_mfa().
- logout() previously only caught FileNotFoundError, so a directory
  planted at SESSION_FILE would crash logout with IsADirectoryError.
  Broadened to OSError.

Regression tests added for all three.

Third PR #5 review pass: the regular-file check is necessary but
not sufficient. If another uid has write access to the cache dir,
they can pre-create a regular file owned by them. save_session
would then write our pickled session into their file and the
follow-up chmod(0o600) would silently fail (not owner); the same
for sqlite3.connect on a pre-planted cache DB.

- _prepare_session_file_for_write() now requires st_uid == getuid()
  and no group/world-writable bits on POSIX before trusting an
  existing regular file. Otherwise unlink + let save_session create
  fresh.
- DataCache.__init__ raises OSError on POSIX if a regular file at
  db_path is owned by a different uid.

Windows accepts any regular file on both paths (no POSIX uid).
Regression tests cover foreign-owned session file, world-writable
session file, and foreign-owned cache DB.

Fourth PR #5 review pass:

- _prepare_session_file_for_write tightened: any existing regular
  file must also have no group/other bits set (mask 0o077, not just
  the 0o022 writable bits). A legacy 0o644 pickle left behind under
  a loose umask would otherwise leak the next save_session write
  to world-readers until _chmod_session_file() tightens it.
- cache.py chmod moved to *before* sqlite3.connect so a pre-existing
  DB with loose perms (or a connect() that errors before the post-
  chmod) can't be read/written with world-readable mode. For the
  just-pre-created case (os.open already set 0o600) the extra chmod
  is a no-op.

Fifth PR #5 review pass — both changes narrow:

- _prepare_session_file_for_write docstring drifted when the mask
  tightened from 0o022 to 0o077 last commit. Updated to match: "no
  group or world permission bits set at all", with the why-of-the
  read-window spelled out.
- cache.py: only run the O_CREAT|O_EXCL pre-create when O_NOFOLLOW
  is available. Without it, O_CREAT could in principle follow a
  planted symlink before the lstat gate catches it. In practice
  this is Windows-only (O_NOFOLLOW is a POSIX feature), where
  creating symlinks requires admin and POSIX mode bits don't map
  to NTFS ACLs, so skipping the pre-create is both safer and
  cheaper. The post-check now tolerates FileNotFoundError so
  sqlite3.connect can create the file itself on that path.

O_EXCL and O_NOFOLLOW interact differently across POSIX kernels:
macOS raises EEXIST first (caught as FileExistsError, then the
lstat gate raises \"non-regular\"), Linux may raise ELOOP directly
from os.open. Both are correct rejections, so the test shouldn't
depend on which specific errno wins. Assert OSError without
message matching.

Avoid implying non-admin Windows users can't create symlinks —
Windows 10+ Developer Mode enables it. The actual reason we skip
pre-create on those platforms is the missing O_NOFOLLOW primitive
and the different permission model (NTFS ACLs), not symlink
availability.

On platforms without O_NOFOLLOW (effectively Windows) we skip the
pre-create, so if the DB file doesn't exist yet the chmod-before-
connect is a no-op (FileNotFoundError, swallowed) and sqlite3
creates the file with umask-default perms. A second chmod after
connect catches that first-run case on those platforms; it's a
no-op when the pre-connect chmod already tightened a pre-existing
file.