Board: Project Development
Topic: I think I can build a more secure web wallet than any other so far.
by Aleksei Richards on 27/03/2014, 11:07:34 UTC
If I build the following web wallet, it will be the most secure web wallet currently on the market. Agree or disagree?

1. The client will be a one-page Backbone.js app deployed directly from the repository on GitHub. The page would be signed with my PGP public key.

Why?

a. Because it would then be possible to write a Chrome or Firefox plugin to verify that the wallet downloaded to your machine corresponds to the code in the repository. Blockchain.info has a form of this already, but without the PGP signing.

b. If any third party such as GitHub/Cloudflare tampered with the wallet, the user would be able to see it and flags would be raised.

2. All javascript in plain text and easy to read. (unobfuscated).

Why? Because the wallet is then open for peer review. Like all solutions that use cryptography, peer review is the way to go.

3. No naked private keys stored on the server. No naked keys ever passed to the server.
Why?

a. Search for "Bitcoin wallet hacked" on Google, then come back here.
b. Because there is no technical reason why we should ever do this again. And that includes exchanges too.

4. Users shouldn't pick their own passwords.

Why?

a. Because a lot of users pick either very weak passwords or re-use passwords from other sites.
b. Because we can then pick passwords with sufficient entropy to properly encrypt private keys.

5. Users should not be able to send coins to the wallet until 2FA is enabled. All operations requiring spends should also be protected with 2FA.

Why? To defend against malware such as keyloggers.

6. A way for users to recover their wallet if the operator goes away.

The recovery procedure should be quick and simple, i.e. an Electrum passphrase.