The fact that they publicize their 32-bit PGP fingerprint on their "security" page does not lend confidence in their security practices. Granted, there's also a link to the full PGP key, but the use of short fingerprints for any purpose should be verboten.