As for the webmail part, that could be actually doable if the decryption is actually done on the client side:
- the webmail server stores and transmits email in encrypted form
- the JavaScript running on the receiver's Firefox does the decryption
- as such no un-encrypted copy exists anywhere on the web
- the key remains locally stored and accessed only by the locally running JavaScript. Not uploaded.
- as a bonus, as the JavaScript is delivered in plain text, users can run checks to be sure that nothing shady happens (like the local app using the local GPG service to decrypt the messages, but then uploading them back to the mail server).
And herein lies the problem. The whole point of Webmail is that you can check your e-mail anywhere you can access a Web browser, be it your computer, a friend's computer, a public computer, a Web kiosk, etc. There are only two ways GPG can work with Webmail:
1. Storing the keys on the mail server, allowing the possibility of e-mail provider snooping.
2. Storing the keys locally, which requires hauling a flash drive everywhere, and assumes that you even can use flash drives with the client computer. Also things like FireGPG require specific browsers with these addons installed. If the client machine doesn't have it, a portable copy must be on the flash drive, which complicates things further because the portable app must be for the client's OS and the client must allow executable code.
1 requires ultimate trust in the provider, which is what everyone not using GPG for all correspondence is doing now. It provides privacy for the transmission from the source server to the destination one, but that's about it. 2 requires portable storage of both the keys and possibly the browser, severely limiting where one can check mail, or at least making it so inconvenient that most people won't even bother with the system.