Paysty is only verifying that what you enter into the 'accno' and 'sum' boxes actually appears somewhere in the html of the page. So of course you're right you could enter anything that appears somewhere on the page, not necessarily the true account number for example. This is just a first stage verification - the real point is as follows: if there's a dispute between buyer and seller, the escrow can (if you choose to give it) take the ssl key(s) specifically associated with that html page, and decrypt that one page and read it.
The protection of your privacy is based on doing a kind of "reset" of the ssl connection and then reloading the page. This means the escrow will never be able to see anything except that one page.
Does it make sense? Obviously a more detailed explanation will be given in the future.
Yeah thanks, makes sense. I guess in the end there will always be some kind of trust required, even for technical people, unless they are willing and able to inspect the whole source code but in essence that´s equally applicable to using bitcoin itself. Making explicit what kind of information at which step is stored where and visible to whom and at which point in time is going to be crucial though.