But the person has to trust that you understand security well enough to prevent your server being compromised, which is not trivial.
That is, it's much easier for an average developer to install this on their server than it is for them to understand the security well enough to guarantee that no one else is snooping on said server. Right?
The alternative, using local encryption software, has its own risks. As a user, I'd much rather run some code in a browser sandbox than on my desktop, where it has potentially far more access (even if not run as root).