Client side encryption works just fine. It's only a problem in a browser where you have to download the possibly-MitM'd program each time you want to use it. Actual installed client software that encrypts end-to-end is the proper way to use encryption.
One catch: remember that the browser itself absolutely should not be the installed program doing the end-to-end encryption, where bugs can allow the private keys to be leaked. Important data like the private keys shouldn't even be in the same address space. See gpg-agent/ssh-agent as an examples of how to keep sensitive data in a separate process.
Nit: you are effectively re-downloading browser DOM JS crypto programs every time your browser loads a new DOM element for the page hosting the app. It's not just something that happens when you first visit the site.
That's one of the things that makes securing browser JS crypto so intractable.
Meh; you can't trust the first version anyway, which makes anything happening later on the page just as broken.
If it's an additional source being added much later on that you are concerned with, that's always been a broken design that Douglas Crockford warned[1] about years ago.
One catch: remember that the browser itself absolutely should not be the installed program doing the end-to-end encryption, where bugs can allow the private keys to be leaked. Important data like the private keys shouldn't even be in the same address space. See gpg-agent/ssh-agent as an examples of how to keep sensitive data in a separate process.