[MichaelGG]

No, not really. Until there's a standard that allows doing crypto in the browser, enforcing a higher security level for the page, and somehow verifying the hash of contents (so sites can "publish" an app) then web apps are basically useless for security.

I know this is as pathetic as "why aren't scientists working on cancer instead of X", but we have WebXXX including Bluetooth and USB, you'd think we'd have "WebVerifiedApps" or something. Even content-addressable URIs aren't being allowed.

It's funny, given the rise of things like Tutanota, which provide basically zero security over Gmail. (In fact, probably worse, since Google's sec team is way better.)