If someone points a gun to my head...
IMHO once people are pointing guns at you, you have serious problems. And yet even then, if the attacker happens to be your government, or someone within reach of your government, you still have recourse. Unless they pull the trigger, then you know that it happened, so you can challenge it in court, or call the cops on the assailant after he leaves, or whatever.
But that isn't really the kind of situation that people are talking about much, in 2014.
The TLA's are certainly authorised to make these demands; It's their job
Looking at the TLAs' behavior provides a good illustration of why crypto needs to be at the endpoints, rather than trusted to service providers: the TLAs have not been making those demands!
We're not hearing about them barging into peoples' homes, pointing guns at them, showing them warrants, and telling them "give me the key to this information about you, or else." We have a legal system for handling that kind of situation, most people are pretty happy with it, and a citizen from 1814 would recognize it. Just read the Bill of Rights, and you get all sorts of images of stories where cops with British accents hatefully sneer, when their Samuel-Adams-esque criminal suspect tells them "oh yeah? See you in court, limey bastard!" and they have to grudgingly go along with the new laws. America, fuck yeah!
Something quite different has been happening, because we have been deploying tech in a way that the confrontation doesn't need to happen, and all our old laws are circumvented. The tech we're using, doesn't fit our needs.
This isn't to protect against government coersion of the business.
This isn't, but it's a step in that direction. You're right that a Google plugin running in a Google browser, certainly doesn't protect against that. That's what I was saying, and then labeled as a minor point.
Nevertheless, it could help educate users on the necessary key exchange and trust concepts, and get them used to decryption as something done by their user agent, where a service provider should normally lack the capability to do it. And if this is really OpenPGP compatible, then it has a fully interoperable upgrade path, to something that does protect against coercion of third parties.
The people who want things easy but less secure, can talk to the people who make the effort to learn how to do things. People could shift at their own pace, but all be part of the same network effect. (I gotta admit, that excites me. I've gotten so jaded, and used to thinking of network effects as usually-bad things.)
In 2015, Joe User uses Google's implementation, and an attacker goes to Google and makes them offer a compromised Chrome-or-plugin to Joe, which Joe unwittingly accepts, and then it extracts his key and sends it out. Joe never knows what happened. A couple years later in 2017, Joe User has moved his keyring to gpg, and an attacker goes to Google and makes them offer malware to Joe. Joe accepts and runs the malware, but it never extracts the key, because Chrome doesn't have it anymore.
At that point, either the malware has to be nastier (break out of its process, use a local elevation exploit, etc -- other purely technical problems that we're always trying to solve anyway), or, if that's not on the table or doesn't work: then suddenly WE'RE BACK IN AMERICA, and the attacker has to show their warrant to Joe.
And that last thing, is the goal. If we can get it to go that way, then we'll have due process again. I want suspects to be saying things like "I'm calling my lawyer, officer," not middlemen saying, "What does the legal department say about this? Should we comply? Eh.. it's not like it's any skin off our noses anyway. The customer will probably never find out it happened, so the cost to our reputation should be quite minimal."