No, not really. Until there's a standard that allows doing crypto in the browser, enforcing a higher security level for the page, and somehow verifying the hash of contents (so sites can "publish" an app) then web apps are basically useless for security.
I know this is as pathetic as "why aren't scientists working on cancer instead of X", but we have WebXXX including Bluetooth and USB, you'd think we'd have "WebVerifiedApps" or something. Even content-addressable URIs aren't being allowed.
It's funny, given the rise of things like Tutanota, which provide basically zero security over Gmail. (In fact, probably worse, since Google's sec team is way better.)
To some degree yes, for example you could use something like https://github.com/openpgpjs/openpgpjs to encrypt from one customer to another across even your own infrastructure, but (afaik) the browser VM is an incredibly insecure platform to run a "secure" application.
I wonder, would it be possible to build a secure P2P client using encrypted Media Extensions and WebRTC? Going to check to see if EME supports encryption as well as decryption...
update No. EME is only intended to be used by content consumers; even if it could be hacked to encrypt uploads / outgoing transfers, that use case wouldn't even be considered important as the spec evolves. Super lame.
I know this is as pathetic as "why aren't scientists working on cancer instead of X", but we have WebXXX including Bluetooth and USB, you'd think we'd have "WebVerifiedApps" or something. Even content-addressable URIs aren't being allowed.
It's funny, given the rise of things like Tutanota, which provide basically zero security over Gmail. (In fact, probably worse, since Google's sec team is way better.)