Matasano Security - Matasano Web Security Assessments for Enterprises. Analysis of cryptography in JavaScript. Summary: Cryptography in JavaScript is usually a bad idea, as the JavaScript is loaded from an untrusted source or untrusted network (if you trusted it, cryptography would hardly be necessary) and therefore a chicken-and-egg problem exists. Regarding the previous 0bin project: cryptography was not implemented to secure the user, but to secure the 0bin operator - it is therefore relatively irrelevant to the operator whether users are secure or not, it is only about "plausible deniability" for the operator. The situation is different, however, when a JavaScript encryption is implemented instead of using SSL.