Have you looked into systems like Mailvelope? (similar to what FireGPG once was)
Private keys are kept in the domain of a browser extension, so even if your webmail provider served up malicious JavaScript (via XSS or court order), they would not be able to directly read the contents of your emails, since they are being encrypted/decrypted in a separate domain.
Ideally the crypto APIs in browsers would work nicer with hardware tokens etc., but until then, at least people can start moving towards GPG without having to trust large, scary, poorly maintained email clients like Thunderbird and Evolution, which tend to segfault with a terrifying frequency.