From the HN title: "secure"

I have a question: Secure against what threat model?

The FAQ has an entry for "How do I know you're not sending all my data to the NSA?" but that's the wrong question to ask (i.e., even if you're not behaving maliciously, that doesn't mean our data is safe against highly sophisticated threats).

It would really be great if you could demonstrate what makes this more secure than alternative solutions.

That said, this is kind of neat.

Thank you for the feedback! I will change the wording of that FAQ question (+ answer) and make it more detailed.

I'm not sure about how I should go about demonstrating what makes this model more secure, except making it more obvious that it doesn't involve storing your data on servers not under your control, which is the case with solutions like email and Skype.

A big problem is that WebRTC is highly MITM-able. You have to exchange initial connections using a server. So no party has any way of knowing if you are MITM attacking.

You might be able to do something Diffie-Hellman shaped at the JavaScript level (hard to ensure it actually works) to show a fingerprint of the shared secret that could be confirmed via outside channels.

But all in all this does not offer ANY security over a server because there is no way to show it is not just being stored on a server.
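The fingerprint comparison suggested in the comment above, as an added example that is not part of the original thread or the project's code: each peer derives an ECDH shared secret, hashes it into a fingerprint, and the two users compare the strings over another channel. Node's built-in `crypto` module stands in for browser crypto here; the function names, the P-256 curve, SHA-256 and the label string are assumptions made for the illustration.

```javascript
// Added example; helper names are hypothetical, not from the project discussed.
const nodeCrypto = require("node:crypto");

// Each peer creates an ephemeral ECDH key pair. Only the public key is
// handed to the signaling server.
function newPeer() {
  const ecdh = nodeCrypto.createECDH("prime256v1");
  return { ecdh, publicKey: ecdh.generateKeys() };
}

// Fingerprint of the shared secret, shown to the user for comparison
// over an outside channel (phone call, in person, ...).
function fingerprint(self, remotePublicKey) {
  const secret = self.ecdh.computeSecret(remotePublicKey);
  const digest = nodeCrypto.createHash("sha256")
    .update("fingerprint-demo-v1") // constructed domain-separation label
    .update(secret)
    .digest("hex");
  // 128 bits, grouped in fours so it can be read aloud.
  return digest.slice(0, 32).match(/.{4}/g).join(" ");
}

// Model of the signaling step: an honest relay forwards the public keys
// unchanged; a tampering relay hands each side a key of its own instead.
function signal(alice, bob, relayTampers) {
  if (!relayTampers) {
    return { aliceSees: bob.publicKey, bobSees: alice.publicKey };
  }
  const toAlice = newPeer();
  const toBob = newPeer();
  return { aliceSees: toAlice.publicKey, bobSees: toBob.publicKey };
}

// Returns what each user would read out and whether the strings agree.
function compareFingerprints(relayTampers) {
  const alice = newPeer();
  const bob = newPeer();
  const { aliceSees, bobSees } = signal(alice, bob, relayTampers);
  const a = fingerprint(alice, aliceSees);
  const b = fingerprint(bob, bobSees);
  return { alice: a, bob: b, match: a === b };
}

console.log("honest relay:   ", compareFingerprints(false));
console.log("tampering relay:", compareFingerprints(true));
```

The check only helps if the users really compare the strings over a channel the relay does not control, and, as the comment notes, only if the JavaScript computing the fingerprint is itself trustworthy.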

You can do without using a server. https://github.com/cjb/serverless-webrtc