[danShumway]

It's not, but for dumb reasons.

Peer to peer connections on web browsers are pretty good (assuming you have relays to get around router issues with shared IP addresses). And Javascript is generally fast enough for encryption (although I'm not sure what the random number generator situation is).

But we lack the ability to easily guarantee file contents, which makes delivering encryption software more suspect. Additionally, data storage is still very unreliable. It is difficult to share information seamlessly between multiple browsers without a server, storage limits vary between browsers, data can get deleted for weird reasons. I've advocated for a while that users probably should be able to grant pages separate read/write access to specific files and folders on disk, but that's obviously a tricky decision to make and implement.

The Same Origin Policy obviously comes with security benefits. But it also means that if you share a 3rd party link, there's no way to look up metadata about the link without a proxy server to bypass the policy. Building something like an RSS reader in purely clientside Javascript is impossible because you literally won't be able to request many of the RSS feeds.

It can be a little bit surprising when you dig into all of the theoretical stuff that's possible with clientside Javascript to discover exactly what the areas are where the web is behind native. They're usually not the parts that get the most attention.