I don’t have time to explain all of the misconceptions in your post, Captain Quirk, as I’m an end-user of AxCrypt.
I’ll correct a few of your inaccuracies (there is proper documentation on this website):
- Email address and password is all that’s sent to the servers (you can even enter a fake email)
- Software can be used offline
- Connecting to the server is only required to seamlessly share files with other people
- The old self-extracting EXE files are now blocked by most mail clients.
- Self-extracting EXEs are also blocked by default if you send them to a Windows 8, 8.1 or 10 user.
- SHA-1 isn’t broken in the context it’s used by AxCrypt. There are different implementations.
- Want to crack a 7-Zip encrypted archive? This company will sell you software to.
There’s no single point of failure by using one password. If you’re using multiple passwords then where are you storing them? If you say “in my head” then they’re not secure – the best passwords are the ones you can’t remember.
Therefore a password manager or a piece of paper is your single point of failure.
Using the same password on a website is a bad idea because a website is easier to compromise than your computer. But if somebody compromises your system then you’ve lost your data and the bad guys had full access to your files, encrypted or not.
Thus a single password helps you choose one, really secure password that you can just about remember.