Just leave a password text field which makes it look like a brain wallet.
Using your email as salt is important for security...
Also, how can I verify these aren't sent to a server?
You can monitor all requests in the network tab of the developer tools in your browser.
Is the wallet open-source?
Yes, you can
find the source code on Github. You can run it locally simply by downloading the client and clicking on the index.html.