Javascript Cryptography Considered Harmful

[jakozaur]

Using the same logic, you need also review CPU and hardware since it may contain backdoors or other intentional insecurities. Even worse, there are allegations it's already happening: http://hexus.net/tech/news/cpu/40037-china-made-us-military-...

Of course, changing the interpreter seems to be an order (or two) of magnitude easier than supplying malicious interpreter. However, I would argue that if you are able to replace JavaScript engine you could do same with whole browser, so SSL is also worthless...