Doesn't that make hashapass.com a single point of failure? The security there must be airtight.
EDIT: This is the code for the bookmarklet http://pastebin.com/gwWstQka
Most of that is formatting a little UI for usability. I just have an offline version saved on my phone and because I'm becoming decreasingly paranoid, I have the master password weakly encrypted so I don't have to type my 50 char password every time. Just open the app, type "facebook", login. Makes my phone a point of failure for all of my logins, if people figure out what that button does, but if I lose the phone I disable it remotely anyway.