i am new in the it security. so maybe some expert can help me.

i used for a while enigmail (http://enigmail.mozdev.org/home/index.php). it's a gpg plugin for thunderbird. but i hate this key-ring management. most of the public-keys become out of date, and i switch to hushmail.com - a crappy and ugly webmail solution with email encryption. i am idiot - i used it over two months and then i read this article http://en.wikipedia.org/wiki/Hushmail - they have backdoors in their encryption and worked with the feds.

now i test device code (http://www.devicecode.net/). it's a kind of social network, but only with the basic features - contacts and profile management. But the real feature is the messaging encryption - they used a javascirpt encryption library (with rsa, aes and stuff) and encrypt your messages end-2-end. it's a mixture of facebook.com and hushmail.com. short: facebook.com - girls - pictures (you cannot upload a picture of you??)+ ugly design (colors?)+ encryption + anonymity + ajax + javascript rsa 1024 bit key-generation (crazy and super slow :/ - works only good with chrome!).
i try to debug the library with firebug to find a security issue (http://www.devicecode.net/about.php?topic=security), or just a chance to leak some information, but my javascript skills are too low. I cannot find any information about this service.

Have someone of you use it? If you look inside, there are only some people - but at irc i hear, that some warez groups use it for their communication. Is it really possible to encrypt SECURE with Javascript (i don't mean Vigenere/i talk about RSA)? Is there a way with XSS?