I was reading about JWTs and how you shouldn't store them in localStorage - its insecure.
But if it is encrypted with a server's private key, with the JOSE standard, can I store it in localStorage? Is that secure from XSS and other attacks that might threaten my app?