our system only has access to your private key when your browser makes a request - the caps URL itself has the key in an encrypted format.
I don't like if my browser need to send out my private key to a server (no matter "encrypted" or not). Why not sign transactions on the client side?
I was saying to Charlie that he should mention this in the post as someone would definitely bring it up.
Put simply: you're right, there's no need to have to encrypt the message serverside and it should be in the browser.
The only reason it isn't that way already is due to complexity of implementing it in javascript - but that's coming.
For now you can either trust us (and remember, it's only your posting key used) or simply not use the service until browserside crypto is in place.