[AshleysBrain]

The blog says "Should You Turn it On? Yes. Seriously. Turn it on when you have a supported OS and don’t look back." If that becomes the general advice, I imagine it will end up getting more broad use - even if most of the people who turn it on don't really need the extra security.

[Syonyk]

I am writing to a somewhat technical audience on my blog... but, yes, I don't care if my devices can't play some online WebGL game if the tradeoff is far better security in general.

Also, since you can turn it off for specific domains, it's easy enough to re-enable WebGL for some site, while still having Lockdown mode apply to all the random ad serving backends and such you come across. If you're not someone who might be specifically targeted, I think that's entirely reasonable. Secure by default, drop the security level somewhat, by concrete actions I've taken, for some site I want to do something more on.

At some point, I'd assume attackers will try to get people to turn it off so they can attack, but you've made an awful lot more noise by that point.