[maxtaco]

We're definitely worried about the hushmail attack, and we disclaim browser-based crypto on the site for those who want to protect against powerful adversaries. Some users might not have those concerns.

You've obviously indicated valid concerns, but note, they're not indictments of storing an encrypted private key on the server so much as they are of browser crypto.

[rdl]

Yeah -- from what malgorithms says, you're actually on the path to removing dependency on a given binary being "near" my key material. I trust you guys more than enough for now; I just don't want to have to trust you if this gets wide adoption in 2 years once you become an actual target.