I don't know for certain without digging into the code but they are probably using the WebCryptoAPI and doing everything client-side to encrypt the file.
The URL that is shared contains the key for the file. You'll notice that the URL contains a fragment identifier, i.e the #foo part of http://example.com/#foo, this isn't transmitted to the server by the browser and therefore the key isn't exposed beyond who the URL is shared to.
Yes, since they could change the JS without notice from to do something different, and could conceivably be ordered by a government to do so generally or targeting a specific set of users.
The URL that is shared contains the key for the file. You'll notice that the URL contains a fragment identifier, i.e the #foo part of http://example.com/#foo, this isn't transmitted to the server by the browser and therefore the key isn't exposed beyond who the URL is shared to.
https://www.w3.org/TR/WebCryptoAPI/