How is this different than Adobe Reader, where the ability to execute code within a document reading application has resulted in world wide exploits of operating systems?
If my document reader can execute any code in any language, then any document that I read has the potential to execute malicious code on my computer, and I now have an exploit vector that I need to consider when downloading documents & opening e-mail attachments.
I understand that the code can be sandboxed, but before I implicitly trust the sandboxing technology, I'd have to see an example of an unexploitable sandbox. I don't know of any - but that doesn't mean they don't exist.
Right, but "the best" being a very misleading term for anyone not in the know. It too has failed to do the job.. But, of course, no code is perfect. Just keep that in mind.
I find it rather silly to be worried about security given that Apple's one of the largest browser vendors in the world, directly or indirectly via WebKit.
More accurately: all increasing of capabilities in non-immediately-apparent sources IS cause for concern. But that has to be weighted against the exhibited competence of the vendor. I find it unlikely that we-vet-everything our-brand-name-is-safe-computing-experiences Apple wouldn't have considered security in this move.