That's why I've always been against web services like this. You don't know which of those updates might include malicious code, and you'd have to audit the code every time, so it ends up being less convenient than a desktop PGP app. The code in my desktop app changes a couple times a year, but it's also released to a much larger group of people who will audit it for me. Millions of people use gpg.