If you did public key encryption in JavaScript, you could see how the data was being encrypted and the public key being used, but still couldn't decrypt it without the private key.

This is how HushMail.com does client-side encryption, using Java instead of JavaScript.

But for this application, SSL is the normal way of doing it, and is probably better unless you have a lot of experience writing encryption software and a penchant for doing things your own way.