That looks really horrible and I am somewhat tempted to write and publish a GreaseMonkey script that does bad things to CipherCloud protected pages...

Why would a company (deliberately) try to sell a false sense of security to anyone whose knowledge of cryptography is not 'on par'? Please think about how it might hurt these customers and their employees (and their families!).

It's not about deliberately hurting a company; if it's possible to make such a script, it will be made. Period.

The question is: do you want the script publicly available, or in the hands of your adversaries without anyone knowing? There's a third alternative: fix the problem.

Fraudster companies SHOULD be hurt. And their employees should have been the ones that bring this to light - otherwise, they are accomplices and deserve whatever they get.

Exposing charlatans is commonly accepted. Elsewhere in the thread it was implied they hold peoples medical data (hipaa).

I guess it's not about hurting a company but about hurting fraudsters. Their tech isn't "not on par" - it's pure nonsense and they know it.

So they use AES as a building block of substitution cipher?

One would think that if something is insecure anyway they could at least make it efficient.