You can run the PassSeed code/mechanism on your own domain or localhost to ensure it's not subject to malicious host exfiltratuon. I agree that one should only trust a foreign host with low-security uses under this scheme.