If the keys are stored on your server, and the crypto is done with server-supplied JavaScript, the threat always exists that you can decrypt the messages. Even if the private keys are symmetrically encrypted with the user's password, you supply the key to their browser and it uses the password to decrypt it on the client side, you could change the code later and steal the password (that's what Hushmail did, except with Java). This is the problem with running server-supplied code that is downloaded fresh each time the user visits a site. It can change each time, so it's a security threat every time they use it. An open source program like GPG4USB can be security audited once, saved on the user's encrypted thumb drive, and the code never changes (as long as they don't update it). Like I said, you already need to have the portable browser bundle with you to be on Tor. You can save portable GPG4USB in the same place, so it is always available when you need it. And it's pretty easy to use. Over a hundred people have told me that they didn't understand PGP until they read the tutorial, and there are probably many hundreds more that I don't know about. I have no doubt that even the most technologically illiterate people can learn to use a PGP program, if they're willing to trade a little inconvenience for significantly better security.