If you want a quick throwaway wallet use a site like blockchan.info. Not only are your funds in your actual account(not consolidated into some giant wallet), but the private key is never revealed to the server. They could not take your coins even if they wanted to.
Fallacy, has been discussed before
hereTL;DR : Your bitcoins can easily get stolen if the server gets compromised, the owner threatened or if he goes rogue, and that's simply because javascript is dynamically served from the server, it can be modified at will by anyone accessing the server.
Since you did not quote the part where I warned about that then I assume you did not read it:
You should be on the watch for their javascript changing though.
There are plugins for browsers that will warn you if the javascript changes. With this plugin an attacker cannot change the system to reveal your keys without you getting a warning. The source code as it stands now is very easy to read. With such a plugin I would consider it to be reasonably safe. It does however compromise you ability to be anonymous if that is your thing.
There is even a plugin just for and by blockchain to protect against js modification attacks:
https://blockchain.info/wallet/verifier - however I prefer to use a generic version for the aformentioned potential of the operator going rouge.
You also forgot to mention man in the middle attacks which can take place at a tor exit node, but that would require the servers ssl cert to be compromised.