Thursday, April 19, 2012
Concerns of JavaScript encryption
This post by Matasano Security sums up many of the problems inherent in JavaScript cryptography tools. In the next few posts, we will highlight its main points and provide countermeasures that address each of these concerns. Although these problems will in all likelihood not affect the average user, the countermeasures should be implemented in extremely security-sensitive scenarios.
Can I trust that Deadrop.us will not see my information?
Short answer: YES!!!
The Rationale:
All information on Deadrop.us is completely encrypted before it even reaches our servers. There is no opportunity for us to read any part of the encrypted message. The community can easily confirm this because the Deadrop.us JavaScript is open source. All of the source code is open, and we encourage the community to scrutinize it. Only by doing this can we assure users of exactly what is happening to their data.
What makes Deadrop.us feasible?
Deadrop.us servers never have the opportunity to view your plaintext message or your password, because neither is ever sent over the network to the servers. Your message is encrypted via JavaScript within your web browser, using your password as the encryption key. Only the encrypted text and the Drop name are actually seen by the server.
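The flow described above, sketched as an added example (this is not Deadrop.us source code): the password and plaintext stay in the browser, and only the record returned by `sealDrop` would be uploaded. PBKDF2, AES-GCM, the iteration count, the record layout and the names `sealDrop` and `openDrop` are assumptions, since the post does not name the algorithms the site uses.

```javascript
// Added example, not Deadrop.us source. PBKDF2-SHA-256 and AES-256-GCM are
// assumptions: the post does not say which algorithms the site uses.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto; // browser or Node
const enc = new TextEncoder();
const toHex = (buf) =>
  Array.from(new Uint8Array(buf), (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));
const PBKDF2_ITERATIONS = 200000; // assumed work factor

// Stretch the password into an AES key. The key is non-extractable and
// never leaves the page that derived it.
async function deriveKey(password, salt) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Sender side: encrypt locally and return the only object that is uploaded.
// It holds the Drop name, public parameters (salt, IV) and ciphertext.
async function sealDrop(dropName, message, password) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh per message
  const key = await deriveKey(password, salt);
  const ct = await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(message));
  return { drop: dropName, salt: toHex(salt), iv: toHex(iv), ciphertext: toHex(ct) };
}

// Recipient side: fetch the stored record, then decrypt locally.
// A wrong password rejects, because the GCM authentication tag fails to verify.
async function openDrop(record, password) {
  const key = await deriveKey(password, fromHex(record.salt));
  const pt = await wc.subtle.decrypt(
    { name: 'AES-GCM', iv: fromHex(record.iv) }, key, fromHex(record.ciphertext));
  return new TextDecoder().decode(pt);
}
```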
Tuesday, April 17, 2012
What is a Dead Drop?
"A dead drop or dead letter box is a method of espionage tradecraft used to pass items between two individuals using a secret location and thus does not require them to meet directly. Using a dead drop permits a case officer and agent to exchange objects and information while maintaining operational security."
- Wikipedia