[mindcrime]

Users can download and install native apps, written in C/C++ (or even assembler) which can access the OS with impunity. Given that, I'm not seeing how exposing more OS level functionality up through the browser is such a big deal.

And some low level functionality is crucial (or at least damn important) for certain types of apps. What sounds like a "bad idea" to me, is to indiscriminately rule out entire classes of applications because something bad might happen.

[bretthardin]

I should be more clear. The scary thing is having malicious sites exploit the functionality. URI overflow attacks and Gifar attacks can be exploited at the website level. Exposing this functionality to the developers is unnecessary. If a developer wants to run as a native application, then they should. Not run as a chrome plugin pretending to be a native application.