Hacker News
by daeken 4757 days ago
But if you need to trust the server (and you do), then the client-side encryption is 100% pointless. You might as well encrypt on the server with safe, sane, battle-hardened code.

At the end of the day, XSS, rogue hosts, etc. can own this even if the person "running the show" doesn't want it to happen.

Edit: I note that you now link to nadim's response to http://www.matasano.com/articles/javascript-cryptography... -- you reaaaaally should consider linking to the original, or perhaps to https://news.ycombinator.com/item?id=5768837 wherein that article is torn to shreds. JS cryptography is very, very dangerous.