Its like putting those large golden padlock images on e-commerce pages: Over time, people will absorb them as trust indications and then scammers will increase their success rate by draping their spoof pages in these symbols.
A user has to understand what a browser or email client is, and learn to look for trust indicators in the areas that frame the content.
Adding a PGP interface inside a content area is just STUPID.
The real problem that needs solving isn't hacking PGP into web-mail, it's making certificate management user-friendly. And that's not even that hard to do!
I completely agree. I think cert and key management *would* be a lot simpler if operating systems presented keys and certs as first-class objects instead of little scraps of gobbldeygook texts with an empty-page or question-mark icon.