> email resets mean it can never be more than marginal
Well, this is what 2-factor authentication on email is for :) . Or SSL client certs if you run your own email.
As for using your phone, yeah, I'm aware the phone can fill the gap, but that doesn't mean its the only solution. Plus, given the sync solutions available, services which encrypt.the data would be nice (personally, I'm anxious for git-annex to be supported on Android).