Thanks -- I ended up sending this:
@goberoi: Why do you have users enter a 'pin code' instead of a master password with a complexity meter like LastPass does? This makes your encryption highly suspect -- by calling it a 'pin code' you're basically guaranteeing the user will use ONLY numbers which radically reduces the encryption's effectiveness, and worse most people use 4 digit pin codes at their bank, so that's the most likely scenario.
When a user selects a 4 digit pin; a rogue employee at Foxmarks could crack all their passwords in a few minutes by a brute force attack. I'm not saying there's a rogue employee at Foxmarks, just that it's a good idea to plan for it, like LastPass has.
I've never tried foxmarks, so hopefully I'm missing something here.
If anyone's tried it, it'd be interesting to hear if my assumptions were correct.