I installed the app and it created a 6-letter string as my “personal” key. It would be a trivial task to write a script that spams other people's key(s). Of course the sender cannot know if there is a reader at the other end, but neither can a spammer when they send a spam mail.

Also, it is not a all clear from the website what happens to the messages you send. Are they kept on the server? If so, for how long and in what form? Encrypted?