How do we know that blackchain.info isn't a giant trojan that's collecting passphrases and waiting for the right moment when they have millions of dollars worth stored there to abscond with? I know it may be a ridiculous question but in matters like these I think skepticism is healthy.
The source code for blockchain.info is open-source and has been (and continues to be) reviewed by educated programmers for weaknesses and exploits. From that review, nobody has seen any indication that the password is ever sent out over the internet. It appears to be held within the browser for any purpose where it is needed. There is a browser plug-in that can notify you if the code changes in such a way as to send your password to blockchain.info.
No security is 100% fool proof. If you have malware installed on your computer (a keylogger perhaps?) it is possible that your password could be compromised and your bitcoins stolen, but that can happen with any wallet running on an online computer. Armory goes a LONG way towards protecting you from such security holes by keeping all your private keys on an offline computer, but that security comes with added inconvenience.
Now we're talking. That sounds quite cool. And the backups out of blockchain.info are easily imported to any other client including the standard bitcoin-qt?
I think one of the clients (MultiBit maybe?) has a feature to import blockchain.info wallets, I'm not sure. However tools exist that would allow you to decrypt the blockchain.info wallet and extract the private keys (as long as you have the decryption password). Once you have the private keys, most wallets have functionality to import a private key. This process might be cumbersome and take some effort, but it is good to know that the bitcoins aren't "lost" as long as you have a recent copy of the wallet file even if blockchain.info were to disappear.