The question "how many times does 'and' occur?" has to be encrypted with the client's secret key. The server does not know how to ask the question in the first place. The way email spam filter would work is that the client would encrypt the relevant questions with its secret key, then the email server would filter for spam, and when the data hit the client, the client would decrypt info and filter everything out. The vulnerability here would be known ciphertext (i.e., there are only so many questions one can ask about filtering spam).

It is not divorced from public key techniques. The technique homomorphically decrypts from one public key to another public key to keep error vector from growing (if it grows to big, data is lost = no decryption). It is public key based encryption. See http://www.fields.utoronto.ca/audio/08-09/crypto/gentry/index.html