This repository was archived by the owner on Nov 11, 2023. It is now read-only.

Security considerations #8

@elrido

Description


As @northox explains in #45:

Currently the security of pastes in ZeroBin is based on the trust in the server provider. As long as we have to use a software library provided at runtime from a remote system (currently the sjcl javascript library) this is an issue. And when using a HTTP connection without certification, one can't even be sure that the library is not manipulated during transfer.

If all major browsers had a built-in crypto API, as is planned with the Web Crypto API, we should at least implement it as the main encryption facility and keep sjcl only as an (optional, because it is dangerous) fallback.

Additional issues can be found in the audit of ZeroBin provided by Taylor Hornby (Archive-Link). Most points referring to server side issues have been addressed (that's 2.1, 2.3, 2.7, 2.8). The rest is still open for debate or resolution.
