In 1999, Bruce Schneier wrote some lines about Hushmail and other encrypted webmail initiatives. Bruce identified three basic weak points in Hushmail: the passphrase (if it is weak then - but only then, mind you - your "bored to death admin" would be able to have some fun), the encryption applet (how to make sure it is not a Trojan and that it is really secure) and the server location (Canada, a place where "legal attacks" are more likely to occur than in some other places).
The Hushmail team answered, clarifying some points and even agreeing with others. They also comment on the comparison between Hushmail and PGP.
The article here has some logical problems. You complain that two users must both use the service to have a secure email conversation and then go on to describe a very unlikely situation where a supposedly technically savvy criminal fails to notice this fairly large "detail". This is not only unlikely, it also does not prove anything.
I also fail to see why you think PGP would be any more secure for users who can not read and/or understand Hushmail's FAQ. PGP is probably far more difficult to use and understand for the average user.
Your discussion of a legal attack on Hushmail is also based on the presumption that there are plain text secrets jumping around.
I will not say Hushmail is "next best thing to PGP", but I certainly disagree with an article that presents fake problems to such a service. I certainly agree that they should do everything within their reach to educate and inform their users (and you even imply they do). But these efforts have a limit. Somewhere along the line you must give up trying to stop the naive user from getting hurt and give attention to the core users, who have real needs and problems to be addressed.
The alternative is to blame Phil Zimmermann every time someone chooses his/her birthday as a PGP passphrase.
Evolution doesn't take prisoners