If I may ask, could you go into more details in regards to to "js crypto" < "applets" <"plugins" thing ?
In its infancy, cryptocat was a js-crypto thing.
This has caused quite heated discussions, among which was this article:
http://www.matasano.com/articles/javascript-cryptography/Basically, js-crypto is unreliable. This caused cryptocat to move to plugin model.
Actually, plugins (when open-source) are more reliable than both applets and js-crypto.
JS crypto is both rather unreliable and hard to audit (I don't know if attacker has compromised your server and is sending out hostile javascript or something like that)
Applets are somewhat better (at least the damn things are signed), but even if they are open-sourced, I can't be totally certain that your signing keys and server haven't been compromised (causing a properly-signed yet malicious applet to be distributed).
However, I have to admit, that it is unlikely someone will go through the trouble of rooting your servers AND taking over your keys just to screw over a file locker (admittedly, a cheeky one but still)
Now, if I have installed an open source plugin, I can be certain that (assuming the plugin has no auto-update functionality) as long as the version I installed is "legit", there is no way to "switch it over" to something malicious from your side.
Browser plugins (if done right, mind you
) are thus the best way to get some semblance of a secure environment.
What is "Megareload"? Is it a megaupload clone site?
Well, they are more like "mega" and "megaupload" cross-breed, it seems.
What I like here is that the incentive business model (which Kim sadly dropped) is coming back. I adore incentive-based file sharing, it really rubs MAFIAA the wrong way