So, after poking around on their support pages for a bit (
https://kirobo.io/support/), it seems that it works like this:
I first sign and broadcast a transaction sending coins from an address to I own to another address I own, called the "safe address".
I then sign a second transaction sending the coins from the "safe address" to the recipient.
This second transaction is encrypted with a password I choose, and Kirobo store the encrypted transaction on their servers.
I send the password to the recipient, who logs on to Kirobo's site and enters the password, which then decrypts and broadcasts the signed transaction.
At any point before that happens, I can reclaim my coins from the "safe address", rendering the encrypted transaction invalid.
All-in-all, it seems like a massively over-engineered solution for the problem of not double checking the address you enter. Why would I go through all this effort when I could instead just spend 10 seconds to make sure the address is correct? Not to mention that your transaction is now entirely dependent on a third party.
Sending coins to your own address is really redundant, especially at the times of high fees, why not just mark existing outspent outputs on a wallet level as "safe outputs" and use them for this feature. It's also possible to cut the middleman and make some software that takes payment request, creates signed transaction and then the user sends unbroadcasted transaction to the merchant, who validates it again and broadcasts if it's all good.
But even now you can just a use bitcoin: urls to avoid copypasting addresses if that is the problem.
And I think most of the time people do transactions by mistake if they do something like taking addresses from their transaction history instead of going to the service and copying the address provided there, so in such scenario there's still a room fore error even with the setup of this startup.