The problem is that it was not reasonably secure. As I understand the complaint, you can't integrate PGP into an extensible, skinnable interface securely. There's not firefox or OS support for making that kind of thing doable. You'd want to have some sort of OS and app support for being able to encrypt a message in a widget on a GUI layer above the browser and then transferring it in, so that PGP and Firefox never come into direct contact. Qubes OS has a rough mechanism for keeping different security-level apps separated, and identified via a colored window border. I wonder if something similar to this is the correct solution.
I don't think that the problem was that Firefox or the OS weren't secure enough. Afaik the problem was that FireGPG worked inline with the original page, and thus a hostile JS on the page could intercept the plaintext.
I think something like the "It's all text!"[1] addon with GPG enabled editor should be reasonably secure.
It's may be more secure than accidentally messing up because you were cut/pasting into a text box. A 0-day on firefox could extract your key which is bad. So could a keylogger + ftp that was installed via a 0-day on firefox if you were using an external application.
