Also I use StrongCoin.com and there is a great wallet service at BlockChain.info - there are many wallet services. This is not an issue as many have stated.
As I understand StrongCoin, it works similarly to BCCAPI or Electrum in principle - the server never knows your private key.
I'd want to do a lot more research before using it though.
web wallets use javascript.
this means that javascript code is sent by their server to your browser when you visit the wallet.
if the server gets hacked, I am afraid the "server never knows your private key" assumption will fail miserably...
True, sort of.
The only opportunity for a hack to succeed is when a private key is entered - that should be only when the public key is created, and when signing transactions. This presents a much smaller attack surface than a fully hosted service, where your private key is available to be captured at an attacker's leisure.
Still, as you said - if you enter your private key on a website, you are subject to what's coming from that site. You're executing code on your machine from an outside source, with all of the gaping security issues that come with that.
