[yk]

He can put his root CA into the browser, certainly when the browser is first installed, and perhaps with the next update. (Are automatic browser updates encrypted?)

But this is besides the point of in browser crypto. The interesting thing is, you need a reliable delivery platform for your crypto code, but this implies you have a TLS connection. So either a third party can break your TLS and modify the crypto code, or your connection is secure in the first place. The scenarios you are then dealing with, is that the server is potentially malicious, but a malicious server just serves broken crypto.

[Edit spelling]