Looks like an interesting project! It would still need serious audits since it's all browser-based (arbitrary JS could be added at any time and snoop on the results page) and there's a black box element at the point of retrieving results: we're hoping that the search provider is only sending encrypted results back, but I don't see how we have a guarantee that this is the case and that the query and results aren't being logged in various places and cross-referenceable. Basically, we receive an encrypted result, but where is the non-black-box, non-trust-based guarantee that this is the only result seen?
