It is not a problem to distribute the decryption algorithm. The question remains against what this will protect. Normal https encrypts the traffic safely during transit. With this, the data is also encrypted on the server. But if you can access the server, you can modify the javascript code to send the password back to a server.
It could be used on something like IPFS, where all data is basically public but you can be sure it hasn’t been modified.
It is not bad per se. It should be the goal of every government to make all people fat and happy. The problem is, it is enough to only make >50% happy.