This is the claim they seem to make:
Secure & Private
100% client-side wallet.
Private keys never leave your browser.
No data is stored on server.
But one can never be sure of these things, no web wallet can be fully trusted.
Malicious wallets can grab browser data even if you run it in a sandbox if the browser's user data folder is not set to be restricted. Phone 2FA for exchanges help with that but a browser alone - to me at least - is not convincing to trust it with significant amounts. I'm not trying to take away anything from them but just because the private key doesn't leave your computer doesn't mean there aren't other critical points that can be compromised.
I only trust MultiBit. It doesn't have autoupdate feature so it can't go rogue with a pushed update but a website can always change.
And as I was trying to check the site I've got "Backend server connection error".