Very cool! I'm assuming this is not just for sending PGP mail, but also for decrypting PGP-encrypted mail that the user receives.

Has anyone been able to tell how they protect against the server grabbing the plaintext after it's been decrypted?