I actually have exactly that in one of my products http://www.memengo.com All content is delivered over HTTPS, encryption is in Javascript on the client side. Yes, the user must trust me not to alter the JS code behind their back, but the same applies for any native app that could auto-update and is not guarded by outgoing firewalls. Which is most of them.
The reason why data is encrypted is that database theft (e.g. backup theft) is not a disclosure of data.
A lot of apps check for updates on each start, and most users will install an update when prompted. Not everyone, true, but let's talk statistics for now.
Whether developer himself is malicious or his auto-update is hacked, it's a vector to inject harmful code to the user-side environment.
Statistically, there is no practical difference in security of the user's data between a native app and a web app.
The reason why data is encrypted is that database theft (e.g. backup theft) is not a disclosure of data.