I would feel a lot safer about sending passwords if the server couldn't decrypt them, or if the source code for this site was on github or some other OS platform.
Good point. We'll look at making it public on GitHub, and how to encrypt the data and how to handle keys is something we're playing around with. Any ideas of what would make you more comfortable with the encryption?