Of course, there is no way for us to know whether or not yc archives a copy of the session keys... (Not that I think yc does that, but we're still talking a shared secret -- you need to trust both parties, if you want to trust forward secrecy...).

Since this is a forum site (versus a site that might get sensitive data), I hadn't bothered to check to see if it was always on HTTPS, until this post. Glad to see that it's always on.