Decryption takes place in the client, but both keys reside on the server... I mean they have to be there. There is no place for them to be stored on the client. And even if it was some browser store, it would be volatile, right?
Don't get me wrong, there are worse examples out there... but I just don't like people having full access to the private key (even with no password for it) for months and years on end... they could be poking and prodding it at leisure, brute-forcing the pw. It's really best to keep the pvt keys in a pvt place.