I'm guessing he's using LDAP to retrieve public keys and the C setuid wrapper is to get access to the user's home directory where their private key is stored.
yep.
RoundCube would probably want multiple methods of retrieving public keys and LDAP may be one of those methods. While storing private keys in a user's home directory is probably the most secure way of storing private keys it probably wouldn't work for RoundCube because of the inflexibility of the solution (e.g. what do you do on Windows computers?). Storing the private keys (and also perhaps a list of trusted public keys) in MySQL is probably the most flexible option for RoundCube but RC (or the plugin) better come with a big disclaimer warning about the risks of exposing that data. It would be interesting to see how Justin has integrated his PGP features as some of that integration may be useful for RoundCube.
i imagine that most smaller rcube installs won't have control over the server that they are running rcube on, so it would be good to offer a choice on how to deploy this.
the implementation we are developing will not be suitable for many setups, but hopefully some of the code will be useable.
There are a lot of questions to work out for this feature:
- Is it part of the core or is it a plugin?
i'm not sure myself on this yet.
- What back end encryption technologies does it support? The main options look like GnuPG and OpenSSL.
yep, we are using openssl for s/mime and gnupg for pgp/mime.