Well, the the problem with saving that it is simply not implemented, ie no writing support in the WD/EXDOS emulation at all. So it's actually not a protection but the lack of support. Emulator "fakes" a read-only disk situation so at least the emulation does not crash
Anyway, saving a program is always a problem with a web emulator since web stuffs without specific server side support is not designed for "saving" at all. You can think about that, if you have a web page at a provider, you can visit the page via HTTP, no problem, but it's load (download) information. To upload ("save") something, HTTP is not enough and FTP or other solution (like WebDAV) is needed. So there is a fundamental problem here ... JSep is thought (by me) as a tool to demonstrate running programs, but I would not use it to develop anything, ep128emu etc is much better for that, JSep is only a much simplier web presentation tool, we can say, for an already ready stuff.
At the other hand, in theory it's possible to form a disk image in "localStorage" of your browser (in theory it's persistent, even if you restart your browser, for example, but it will only work with that browser on that device since it's "local"). It would need to re-write some parts of JSep, and there is another problem: you're about the plan to use JSep locally, ie file:// URLs, not from a web server. The problem here, that web is basically designed for the network, ie I am not sure JS scripts from file:// can even have localestorage feature, as it would use - again - the notion of the domain of the URL. But I can be wrong here. There are up-coming standards in JS for example the File API etc, but first of all I am not familiar with them (yet) and I am not sure about the support (last when I read about it, it was read only with Firefox - again the ugly read-only stuff, but you can understand it, from viewpoint of web, "saving" something - ie writing - is dangerous, you wouldn't like a random visited web page start to write your files, or files on other servers at their own, that would be a very huge security problem).
Uploading anything to my page is not needed at all. JSep is capable to load its files from anywhere, which is accessible via Internet and http. There was a thread on the forum about this somewhere, but maybe it was Hungarian. The only problem with this, is the AJAX cross-domain security policy of the browsers. Ie, a script cannot initiate AJAX calls to another domain. It affects JSep too, of course. The solution, that on your server (where you want to access stuffs from, in JSep) you need to emit a special HTTP header which instructs the browser to allow the access.
Access-Control-Allow-Origin: *
As you can see, there are several "interesting" problems with web based stuffs if you want to use them as "local applications". There are products like FirefoxOS which would do everything (ie, even the dialer is a HTML page) with web technologies on a smartphone, but it's not so much widespread and the special extra APIs for this is not quite a standard to be supported by other browsers. As far as I can see, the tendency that more and more techniques are invented to solve these kind of problems on the "generic browsers" as well, but we're quite not there yet, what all is needed for the fair comparison with native applications.
Here it is an example, where JSep loads the disk image from another URL than its "hosting server" (which is ep.lgb.hu in our case), ie in this case from here:
http://www.symbos.de/files/SymbOS-EP-Full.dsk so the disk= parameter in JSep's URL accepts even a full URL, just be careful about the cross-domain stuff, I mentioned before (I guess on symbos.de it's allowed by its admin - maybe Prodatron), that's why it works.
Sorry, I can't provide access to my server via FTP or whatever, because it's not entirely "mine" to be exact just I use that too for my domain lgb.hu
Of course if you have a disk image you can send me to put there, but it's not so much a sane solution if you want to update it regularly.