We had already chosen React previously. In general, we are fans of the way React represents reusable components more than how Angular does. Our internal component library was built with React (see gestalt).
Great question. In short, we’re not worried about any security issues with having redux devtools enabled in production. The biggest attack vector is the json blob embedded in the initial HTML used to hydrate the redux store, but that is inspectable with or without the extension enabled.
A few lessons learned: