Browsers are notoriously bad at handling security issues. If you are prepared to hold your wealth in a browser extension, good luck to ya
That was exactly my first thought, too - I am still looking further into it though because it does look interesting.
From what I read so far: All parties participating in the mix need to sign off on the payout address. If something is manipulated, e.g. someone trying to divert BTC to anyone other than then intended participants, then at least one party would not sign off on the transaction, and the entire mixing deal would not take place.
So if every participant checks that their receiving address is correct, nothing bad happens ..
Its based on GPG and uses tor .. it does look promising .. and I think I'm gonna try it out because I'm curious