People are still using web wallets, really? Did we not learn from Instawallet, inputs.io, and blockchain.info? I see a couple of problems with this one. How are they generating the 3 keys? If it isn't client side, it isn't safe. If they are holding on to the 3 keys even indirectly they are not safe. It isn't open source, so there is no way to verify or run this service on my own. Also all web wallets will be considered not safe until they implement Trezor support.
So again, don't use web wallets; none of them are safe unless you are using a Trezor or hardware option to sign the transaction.
What surprises me is that you think your desktop wallet is safer. It's absolutely not. Did we not learn anything from the growth of malware over the past 10 years? 30% of home computers are running malware already, and the numbers are growing, not shrinking. Every desktop wallet, from Armory to Bitcoin-QT, etc., is vulnerable to these attacks while BitGo is not. Any single-signature wallet is even more vulnerable.
So perhaps all of us should stop thinking of wallets as either "desktop" or "web". BitGo is both. BitGo is a desktop wallet (use the Chrome app) with a web service component (the BitGo service). The two together are called a "multi-signature wallet", and as we all know, this has been declared the "year of multi-sig" for a reason: because it is safer than desktop or web wallets.
But to answer your questions: the keys are provisioned on machines other than the service with the user's full control, and are never known to the service. Hardware signing is coming too.
Mike