That's not a very good approach to encryption. It still requires you to trust Google not to send you malicious JS. While I trust Google a lot more than I trust any other company their size, a private key in the hands of ten thousand employees still isn't very private.
I am more concerned with someone breaking into Google and walking away with everyone's email than I am about Google sending malicious Javascript but you have a good point and malicious employees can cause a lot of harm.
