This is how similar services have responded to warrants. They voluntarily alter javascript for some ip addresses in order to capture passwords to use for decryption of the user's files.
It would probably be easy to write your own login page or a browser toolbar that would either do the hashing on a page you control or check that the javascript was what it should be.
At that level of distrust however you might as well encrypt the stuff yourself (and send the decryption keys to the people you want to share with in some other, more annoying but secure, way)
It would probably be easy to write your own login page or a browser toolbar that would either do the hashing on a page you control or check that the javascript was what it should be.
At that level of distrust however you might as well encrypt the stuff yourself (and send the decryption keys to the people you want to share with in some other, more annoying but secure, way)