Besides the obvious blunder of not running over HTTPS, I found this on the solidcoin website:
"The encrypted key is then sent to our server where it's encrypted a second time for extra security."
Not sure how this helps any extra security, as your key is already encrypted. This does make me worry, though, that they do not fully understand how they are protecting the keys (if this is providing more security). At first I thought this had to do with protecting against a simple database download attack of the keys, but this would not matter, as they are protected by the user keys, which solidcoin should not know.
Anyone from solidcoin care to shed some light? I think the idea is otherwise very interesting.