the idea with the only download possibility while generating is great. 
However it might be as well a good idea to give the possibility to 
view/download a revocation certificate and/or send  one to a keyserver 
(like you can do it with your public key). otherwise there might be 
the problem that people want to generate a new key, but can't revoke 
the old one.

Agreed.

Seems to me like if people use Horde to generate their key they should 
be able to download it at least at that specific time to back it up - 
and to get a warning then about losing it, etc. But otherwise this 
seems reasonable to me. Any other thoughts/objections?

PGP lacks forward secrecy, i.e. once a secret key with corresponding 
passphrase is known to an attacker, all prior and all future mails can 
be decrypted if intercepted. Webmail applications are especially 
vulnerable to keylogger (or looking over ones shoulders) attacks 
because they are often used in insecure environments. Horde lets you 
export the secret key thus one successfull attacks suffices to 
compromise all prios and all future mails. I therefore suggest to omit 
this "feature" (exporting of the secret key) in future versions.



I think, it is not really important for users to export their secret 
key. If they wish to have a copy on their harddisk, they should have a 
secure place anyway and thus probably have the possibility to generate 
a key pair on this system and import it into Horde afterwards. If they 
want to change to a local mailsystem, they should generate a new key 
anyway if it was possible to export the key without their knowledge 
beforehand.