3. Embedded Flash implementation (which doesn't exist on mobile anyway).
4. Google API keys.
If what you care about is security auditability, that's pretty good. If you care about running only open source software, that's going to be very hard to do in the Android/Google-Play ecosystem.
Main advertisement? I just went to android.com and developer.android.com; android.com advertises "Google built in" and lots of platforms, with a very small link to AOSP at the bottom of the page; developer.android.com has an AOSP link buried in its menus.
I believe only Chrome has built-in PDF viewing too, which can be nice. The page you linked has people saying there are Chromium plugins for it, or you can install a dedicated PDF viewer and it will probably embed itself in the browser when downloading PDFs.
Is the Android chrome (in the UI sense) now open source as well? If that is the case, we could finally get the option to disable third-party-cookies...
What protects you in that scenario is those apps aren't really vulnerable to leaking anything in the first place. Malicious ads in games can only see what other ads you've viewed, it's not like you're signed in to your bank website in Angry Birds.
And if your banking app with its embedded webview has its site compromised, you're already fucked without even opening the app.
Why? Chrome isn't open source, if you care about that kind of thing. And personal preference also.