It's fairly trivial to fix anigma: escape innerHTML and implement window.nostr, so that it doesn't need to store any private keys. I'm not sure why no one has done it; maybe I'll do it this weekend.
Discussion
Rogue code can still decrypt your DMs if the plugin is set to auto-decrypt.
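A sketch of the two changes proposed in the post above, added here as an illustration; it is not anigma's code or part of the thread. `escapeHtml`, `renderMessage`, `signNote` and the sample message are hypothetical names and constructed data, and the provider is assumed to follow the NIP-07 `window.nostr` interface (`signEvent`).

```javascript
// Added example: all function names and the sample message are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every character that can open a tag, an attribute value or an entity.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the markup for one chat message. Author and content both arrive
// from relays, so both are escaped before they reach innerHTML.
function renderMessage(msg) {
  return `<div class="msg"><b>${escapeHtml(msg.author)}</b>: ${escapeHtml(msg.content)}</div>`;
}

// Build an unsigned kind-1 event and hand it to a NIP-07 provider.
// The page never holds the private key; the extension signs.
async function signNote(provider, content, nowSeconds) {
  if (!provider || typeof provider.signEvent !== "function") {
    throw new Error("no NIP-07 provider (window.nostr) available");
  }
  const unsigned = { kind: 1, created_at: nowSeconds, tags: [], content };
  const signed = await provider.signEvent(unsigned);
  // Check that the provider returned the event we asked it to sign.
  if (!signed || signed.kind !== 1 || signed.content !== content || !signed.sig) {
    throw new Error("provider returned an unexpected event");
  }
  return signed;
}

// Constructed sample: a message whose content carries markup.
const SAMPLE_MSG = { author: "alice", content: '<img src=x onerror="alert(1)">hi' };

// The markup arrives as inert text, not as an element.
console.log(renderMessage(SAMPLE_MSG));

// In the browser the call would be:
//   signNote(window.nostr, text, Math.floor(Date.now() / 1000))
```

Escaping stays necessary after the switch to `window.nostr`: any script running in the page can call the provider, which is the situation the reply describes when the extension approves decryption automatically.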