The SW stays installed for when you open the web app the next time, in essence making it a trust-on-first-use scheme.
I'm working on a library: https://github.com/airbornio/signed-web-apps
It would be cool if other web apps (including Graphite?) could implement it too.