Thanks Gabriele for the endorsement! There is an inaccuracy about BitGo.
The three keys are generated and stored in your browser and they resides in the local storage. Two of them are printable and storable (together with the script). In this way you are substantially in control of your money.
BitGo only ever sees 1 of the 3 keys in a multi-sig wallet. That key is generated on our servers and stored securely.
The user key and backup key, and the passcode, are never seen by BitGo. The user key is generated in the users browser and encrypted with a passcode. We recommend users create their own backup key as a cold key that is not seen in the users browser or on our servers.
Because of this design, BitGo can never access the bitcoins of its customers. BitGo is a security service and co-signer only.
We have been live since August 2013 and have performed extensive independent security audits.
To learn more, here are some resources:
1- Our whitepaper about multi-sig P2SH addresses at
https://www.bitgo.com/p2sh_safe_address.
2- You may examine our client-side code at
https://github.com/bitgo.
3- An endorsement by BitPay on their blog
http://blog.bitpay.com/2014/04/07/bitcoin-wallets-and-decentralization.html.