I think he started out with the idea of offering an easy to use web service for PGP, which is well intentioned. He's interested doing web projects, so that's what he wanted to do, but it's simply not secure. Now the plan is a browser add-on to encrypt locally, he just hasn't gotten around to admitting that it's easier and safer to store the keys locally too. At that point it's not a web project anymore.