They very clearly have no idea what they're doing (security-wise), consequently this is very likely not the only fatal flaw in their implementation.
I posted my warning because I think most users are not even aware that they're sending their password to inky and the implied risk. Also inky does nothing to educate them (a handwavy marketing-blurb buried in the FAQ does not count).
Sorry but comparing inky to LastPass and Google is laughable. Google is trusted because it's Google. LastPass is trusted because their process is extensively documented. If you plan to casually juggle your users crown jewels for a convenience-feature then you'd better fit into one of these two categories.
Hushmail were forced by their government to backdoor their system for this purpose. What's stopping the same thing from happening to Inky?
Presumably, they would not store your Inky password as well -- instead, they'd store a secure hash, not MD5 or SHA-1, which are built for speed, not security....