I am also thinking about adding an "advanced" feature where your wallet is encrypted on our servers using a strong passphrase that you have to remember and use every time you login.
But even if this is done right, on first use you would then have my decrypted wallet on your host. I'm still having to trust that you don't keep a copy.
Right, you would have to trust that we only generated your decrypted wallet in memory, and it was not stored to persistent storage in unencrypted format. Also, you would have to trust that every time we decrypt it to perform a transaction, we don't keep an unencrypted copy somewhere on persistent storage.