Encryption is mentioned zero times in the WebSQL and IndexedDB specs.
Similar, but incomplete, questions are here, here, here.
I was wondering if you could encrypt the data on the server so that the decryption key is the user's password, then hash their password in the offline database. Once they have logged in we have our decryption key. That seems reasonable, right?
I don't think you should solely rely on the user's password especially if you want to prevent the user from accessing the data you're storing.
However it's perfectly plausible to encrypt and decrypt the data on your server. To keep the data secret, I would have my own secret encryption key stored on the server. If you want security unique to each user, you could append the user's id onto your encryption key but I don't see much added value from that.
Bottom line, I would not trust users' passwords for encrypting data (there are many bad passwords out there). Also you shouldn't know your users' passwords. It's a best practice to hash their passwords so that if someone hacks your database, the login information can't be used.