by nickpsecurity
3776 days ago
I don't think so. I did a brief look at how it works. It was basically a centrally-hosted, shared-secret setup. I've built those before. Super easy to build and use compared to high-secure, P2P apps w/ their trust management. Here was the user experience when I tried it:

1. Go to the right site. So, tell them to check domain and HTTPS.

2. Type in information you and other person agreed to preferably in person.

3. Chat.

Very, very usable. That could've been implemented in a simple, secure-coded app communicating over a secure tunnel with another simple app on a robust server. The crypto to do that sort of thing right (outside a browser) is pretty basic. One could even run the deployment server and untrusted storage separately so complex TCB couldn't affect trusted app delivery or operation. Not past availability.

Cryptocat's design was actually simpler than some high assurance systems of the past. That tells me it could be done robustly with a different implementation and protocol. Is it the best idea? Hell no for all kinds of reasons that start with centralization then get worse from there. Its usability can be recreated, though, in a more secure solution.

Note: As I said to tptacek, even the original with its security issues kept users safer than fads like Facebook Chat that spy on them. A fun, usable solution with better than average privacy is still a step up if used by the right people. Just gotta be clear to use something stronger (less fun) to stop hackers.