No, the sensitive information isn't being protected from localhost but from server A and anything else on the path between user and message destination. localhost is the user. For clarification: GPG is on user's localhost, not the server.

1. Alice uses a web app served by server A

2. Alice wishes to send an encrypted message through the web app served by server A to Bob

3. Alice writes the message on her client sided browser

4. Alice finishes and clicks "Send"

5. The web app's client sided code, JavaScript, sends the message to Alice's pygpghttpd listening on localhost

6. pygpghttpd responds with the ciphertext to Alice's web browser

7. Alice's web browser replaces the cleartext content with the encrypted content

8. The encrypted content is sent to server A to be routed to Bob

---------------

1. Bob receives encrypted message from Alice on web app served by server 1

2. Web app's client sided JavaScript sends the encrypted message to Bob's pygpghttpd listening on Bob's localhost

3. pygpghttpd responds with the decrypted message

4. The decrypted message is rendered for Bob