The reason crypto in the browser is dangerous is because the crypto algorithms come from the server (they aren't built into the browser) so you have to verify them every time you go to the site to know they're doing everything properly. They could easily change them to no ops for you at the request of the NSA or whatever and you wouldn't know. So on the basis of that, I don't think this project avoids that problem
I agree 100%. This means both processes are insecure, though probably it's a matter of degrees, since you at least have the apple approval process filtering out blatant fuckery
