But how would you see that work with a web service? You could implement a large part of the Bitcoin protocol in JS, but if it is served from the wallet provider, it could steal any key that you enter by injecting a keylogger into the JS as well.

It could work with the native clients though, to have it use a wallet on a storage provider (with encrypted private keys) instead of a local one. Would be a matter of generalizing the DB backend. This would also protect against wallet loss if the local machine is formatted.