Keybase's decryption page says "you must host your private key in Keybase's encrypted key store." This really rubs me the wrong way. I was under the impression that your private key should not leave your device, ever (Keybase even lets you have one private key for each non-web device).
But perhaps I'm wrong. Maybe all that is needed is to secure the host as in "Protecting a PGP private keyring on host"?
Is Keybase's methodology secure? I'm not seeing any documentation on their site of how they protect these keys (especially from themselves).