The pull request was rightfully rejected.
I think Bitcoin.org should not promote centralized services generally. More specifically it shouldn't promote a centralized service which is not licensed, insured, and (most importantly) independently audited.
Is there anything that can be done to make My Wallet a bit more auditable?
I think the main concern right now is that someone with developer/admin access to My Wallet will implant a hidden trojan/weakness in the javascript code, that will leak unencrypted (or weakly encrypted) passwords back to the server.
Can this concern be addressed somehow?