Thing is, no one in their right mind ever allows scripts while visiting an .onion site. Too easy for a bit of innocuous-looking javascript to obtain, obfuscate, and send off your IP address. Sure, we trust SR, but most javascript exploits are injected without the knowledge of the site operator hosting the exploit.

Why even think of trusting something that's important enough to encrypt, to an unknown party's javascript encryption routine? How do you know they don't keep a copy? Because they say so? Do you audit the javascript code EVERY time you use it to make sure it hasn't been maliciously modified?

Honestly, agreeing something is important enough to use PGP, and then using a 3rd party web-based function to encrypt it with seems kind of, well, not very secure at all.

I've got PGP Desktop installed in Windows, and it's a breeze. Highlight and right click a public key, and click import. Highlight text and press [ctrl][alt][d] to decrypt it, or [ctrl][alt][e] to encrypt and replace it. To decrypt or encrypt data in the clipboard, same keystrokes but press [shift] as well. Enterprise level key management and functionality, and a simple as shit program to customize and master. I run open source GPG on my Ubuntu laptop, and it's not a whole lot behind the PGP Desktop program in terms of ease of use and functionality.

Using a web-based encryption routine is akin to sending a postcard by courier to the envelope store to have them put it in an envelope for you. Just because it arrives at its destination in that envelope, doesn't mean someone didn't read it or copy it before they put it in the envelope for you.

Man, I smoke a little weed, and I sure come up with some crappy analogies. :8)