Won't phishing be an issue with the full screen API? If antiviruses can be faked in web pages with such accuracy complete with Windows and Mac look and feel, the full screen API might allow for more convincing fakes. Firefox does show a dialog, but it sounds relatively harmless.