"a strong passphrase that only they know, combined with a second authentication token provided by SMS, will give a security level that is stronger than even using Truecrypt on your local drive - after all, Truecrypt is vulnerable to keylogging software"
This would still allow a government to seize your assets, because there is nothing stopping the passphrase being logged by the site itself, under legal pressure.
Client --> Server
SSL
^
|
Log passphrase after SSL
For an advanced user, I don't see how it adds anything. Here is all the cash I own, nice kind stranger, please protect it for me. No thanks.
(The real problem is that most of the people on this forum are not your target audience, but we are good people to point out flaws. Please don't take offense at any reply.)