tyleroderkirk's comments



Security-minded folks might be interested in the "clojail" sandboxing library (https://github.com/cognitivedissonance/clojail/blob/master/s...) that this webapp uses (https://github.com/dbyrne/4clojure/blob/74f381701b62a12e2bfb...). clojail's README contains some caveats worth reading.



Agreed. Web browsers are infamous for being vulnerable to remote attack - I want to keep my sensitive data away from them as much as possible.

This concept of "host-proof hosting" seems to encourage that we discard well-proven methods in favor of implementing new crypto schemes in the hostile browser-space.

Are web end-users really better equipped to ensure application security than web host administrators? </rhetorical>


Most software-based security systems assume that the hardware hasn't been maliciously tampered with. cryp.sr is apparently no exception.

If you suspect such attacks, the only defense seems to be adding more hardware. For example, you could use the root of trust from a TPM module or the added physical security provided by a lockbox.

