[nealb]

The good thing about symmetric key encryption in the browser is easy enough to check. You just need to make sure that messages/images are encrypted before being sent to the server, and that the password is never sent to the server. Also ChatStep uses sjcl so the crypto isn't homemade like CryptoCat.

[SamWhited]

Sure, I can verify that things aren't being sent in plaintext, and I can verify that they're using sjcl, but I can't verify most of the other things I mentioned. How do I know they're using sjcl right and not introducing some vulnerability (yes, I know I can dig through their JavaScript, but that's a plain in the ass)? I'm not saying I think they've got any problems; I'm just saying, be careful.

These sorts of tools, while convenient, are dangerous without a proper understanding of what you're doing. User beware.

[ams6110]

And are you going to verify every message? Because the JS can be changed without you ever realizing it.

[herge]

How can you make sure that the password is never sent to the server?

It could be encrypted with their own password, encrypted as a url to a css file, etc.