That's the problem: You need not only trust the cryptocat site, you need to trust all the hosts between your PC and the cryptocat site and all the hosts between your chat partner's PC and the site.
It's entirely possible for the any organization that controls internet access to launch a MITM-attack and supply all the poeple in Syria with a "customized" version of cryptocat that sends a copy of everything said to a computer controlled by the government. And there's no easy way for you to check whether you or your chat partner is thusly compromised.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds