[StavrosK]

I've been saying the same thing every time I encounter one of these articles (maybe I'll blog about it and just link people to it):

The best way to do encrypted WebRTC transfers is to have the whole app in a single page, using as little code as possible (so it is easily auditable). NoScript/etc won't do much when you have to trust the author and can't audit it. People should be able to download the page from the GitHub repo (or wherever) and store it wherever they want. The page will generate a random URL that also contains a secret key (e.g. http://www.myservice.com/somerandomid/#98h9g78g2188t7231gy34...), which you can share with the receipient.

Since the URL fragment is never transmitted to the server, it is private. The WebRTC service can encrypt the content appropriately and send it to the recipient, where it will be decrypted. Voila, encrypted p2p file transfers without having to download anything.