The security model is not affected by what we store on the server. We always assume that encrypted files are public anyway, and what we store on the server is just that – encrypted files.
The security model *is* affected by the fact that we transmit passwords, even if over a strongly encrypted connection, but we have judged this to be acceptable for the gains. It is not really controversial to transmit data over such a channel.
Currently the software does require you to register your e-mail, but once done, you do not need any Internet access. It’s still just a password that in the end protects your document, and you still just have to type the password since the email is prefilled. Same keystrokes, different look in other words.