While the ideas and implementation are neat, this suffers from the chicken and egg problem[1]. You have to trust server's resources are not tampered with. Adding an event binding to tamper or siphon data before it's encrypted is simple.

[1] https://www.nccgroup.trust/us/about-us/newsroom-and-events/b...