This seems to be primarily for forwarding files. It is unlikely that the users would want to get rid of the files after transfer. Any attack intense enough to get access to the passphrase for the secret key (keylogger) will pretty much for sure give access to the files on the system involved at the time of attack (including insecurely deleted files) and any files that exist on the system going forward.
The whole thing is generally more secure than many of these file transfer things due to the use of the passphrase. The idea of strongly protecting the secret key against local attacks is a PGPism that tends to be forgotten these days.
Yes, this will be used in our organization to transfer various documents (mainly pdf/word files) that contain sensitive data (i.e. medical conditions of colleagues).
Yes, there's no PFS in ETSD. The data is encrypted with the recipient's public key, as normally in PGP, so if the private key is compromised then the malicious user can decrypt all messages that were encrypted with that key (if he also gets access to the server holding the ciphers, of course).
We wanted to use PGP because it's a well-known and heavily tested solution. Also, the openpgp.js library is great and makes it really easy to encrypt/decrypt the messages on the client side without the need to really mess with security stuff. Finally, the users would want to have access to their old messages in the future, so using ephemeral keys for each transmission wasn't really possible.