You described in your post an HTTPd process on the local user's machine that will make shell calls to their installed GPG binary. My PHP port merely presents one alternative way of doing that on any system that supports PHP - without the need for the user to install and configure GPG binaries, and without the need for the HTTPd process to have permission to make shell commands.

If you see encryption tools that others have written - and all you can imagine is implementing them in insecure ways, then that's your own issue.