The other big problem with that is how to handle private keys. If the private key is generated from your password, for example, then forgetting your password would mean losing all of your PMs. Most people aren't prepared for this.
That is part of the point IMO. If someone "forgets" their password, they cannot be forced to provide it. Perhaps it should be an opt-in feature and it should be clear to the user that forgetting your password makes your PMs unrecoverable, which is both a feature and an issue.
If that is not desirable, one option would be to use a Bitcoin address to recover access. This could be done by encrypting the PM master key with a Bitcoin address's public key; some clients like Electrum have a built-in feature that allows you to encrypt/decrypt messages (though I'm unsure how safe this really is; it's rarely a good idea to reuse a key for both signing and encryption). Perhaps something similar could be done in JS.
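The scheme discussed in this thread, as an added example that is not code from any poster or from the forum software: a random PM master key is wrapped once under a password-derived key and once under a recovery public key, so a forgotten password closes only the first path. The function names, the scrypt, AES-256-GCM and HKDF choices, and the freshly generated secp256k1 key pair standing in for a dedicated recovery key are all assumptions.

```javascript
const nodeCrypto = require("node:crypto"); // all names below are hypothetical
// AES-256-GCM seal/open of a small secret under a 32-byte key-encryption key (KEK).
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, { iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // throws if the key or data is wrong
}

// Password path: scrypt stretches the password into the KEK; only salt + ciphertext are stored.
function wrapWithPassword(masterKey, password) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, ...seal(nodeCrypto.scryptSync(password, salt, 32), masterKey) };
}
function unwrapWithPassword(blob, password) {
  return open(nodeCrypto.scryptSync(password, blob.salt, 32), blob);
}

// Recovery path: ECIES-style wrap. An ephemeral ECDH key agrees a secret with the recovery public key.
function recoveryKek(shared, ephPub) {
  return Buffer.from(nodeCrypto.hkdfSync("sha256", shared, ephPub, "pm-master-key-recovery", 32));
}
function wrapForRecovery(masterKey, recoveryPub) {
  const eph = nodeCrypto.createECDH("secp256k1");
  const ephPub = eph.generateKeys();
  return { ephPub, ...seal(recoveryKek(eph.computeSecret(recoveryPub), ephPub), masterKey) };
}
function unwrapForRecovery(blob, recoveryKey) {
  return open(recoveryKek(recoveryKey.computeSecret(blob.ephPub), blob.ephPub), blob);
}
// Constructed demo: the password and keys are generated here, not taken from the thread.
function demo() {
  const masterKey = nodeCrypto.randomBytes(32);
  const recovery = nodeCrypto.createECDH("secp256k1");
  const byPassword = wrapWithPassword(masterKey, "constructed-passphrase");
  const byRecovery = wrapForRecovery(masterKey, recovery.generateKeys());
  let wrongPasswordFails = false;
  try { unwrapWithPassword(byPassword, "forgotten"); } catch { wrongPasswordFails = true; }
  return {
    passwordOk: unwrapWithPassword(byPassword, "constructed-passphrase").equals(masterKey),
    wrongPasswordFails,
    recoveryOk: unwrapForRecovery(byRecovery, recovery).equals(masterKey),
  };
}
```

If the recovery wrap is never created, the wrong-password failure is the only outcome left, which is the opt-in "unrecoverable" mode described above.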