It was a very naive implementation and it clearly has several faults. Thanks for pointing some of them out. There isn't any solid use case, and we're all better off letting nginx/apache/$SERVER handle the encryption rather than doing it inside the application.

I was just trying to jump on the "Look mommy! Look at what I can do with Javascript and HTML5" bandwagon :)