Also I use StrongCoin.com and there is a great wallet service at BlockChain.info - there are many wallet services. This is not an issue as many have stated.
As I understand StrongCoin, it works similarly to BCCAPI or Electrum in principle - the server never knows your private key.
I'd want to do a lot more research before using it though.
if the server gets hacked, I am afraid the "server never knows your private key" assumption will fail miserably...
True, sort of.
The only opportunity for a hack to succeed is when a private key is entered - that should be only when the public key is created, and when signing transactions. This presents a much smaller attack surface than a fully hosted service, where your private key is available to be captured at an attacker's leisure.
Still, as you said - if you enter your private key on a website, you are subject to what's coming from that site. You're executing code on your machine from an outside source, with all of the gaping security issues that come with that.