That's all true; from the client end you can't trust this to stop the server end from snooping your data, but there seems to be a class of problems this approach _does_ solve, where the guy running the server wants better than just plausible deniability about knowing what his users are storing. It can't guarantee to the "customer" that the "server" can't read his unencrypted data, but it'd probably be as close as you could get to a guarantee for the guy legally responsible for the "server" that he couldn't read (and hence be in any way responsible for) the unencrypted customer data...