The killer for me has always been #7 on Nate Lawson's list: Auditability. How do you tell that your browser is using the right copy of the code to do the crypto?
This is an excellent article on this subject. The author (Nate Lawson) is thorough in his argument. His conclusion is "I am certain JS crypto does not make security sense."
The killer for me has always been #7 on Nate Lawson's list: Auditability. How do you tell that your browser is using the right copy of the code to do the crypto?