Comment Re:It's a TRAP! (Score 3, Insightful) 175
It didn't but yahoo is a webmail provider and webmail kinda implies that the provider will either be storing the key or at the very least be able to access it by tweaking some javascript a litte.
Not necessarily. Securely handling keys is indeed impossible for untrusted Javascript, but it should be feasible to provide a browser add-on (analogous to Enigmail for Thunderbird) with a key management UI and PGP bindings for Javascript. As long as that add-on is open-source and vetted by browser vendors, you don't need to trust Yahoo's web page (let alone their server) with your private key.
Ideally, this would be a core part of Firefox / Chrome, or at least a unified add-on, but in practice Yahoo!, Gmail and others would probably insist on making their own.
However, a general-purpose add-on could potentially allow encrypting/signing the content of any text field in a page, so it wouldn't depend on the email provider's support.