Developers Shouldn't Have Access to The Operating System

Users can download and install native apps, written in C/C++ (or even assembler) which can access the OS with impunity. Given that, I'm not seeing how exposing more OS level functionality up through the browser is such a big deal.<p>And some low level functionality <i>is</i> crucial (or at least damn important) for certain types of apps. What sounds like a "bad idea" to me, is to indiscriminately rule out entire classes of applications because something bad might happen.

The important thing is the ability of the <i>user</i> to differentiate between the local system and sandboxed internet content. Dancing pigs notwithstanding, a big part of desktop security still relies on the assumption that the legitimate user will refuse to authorize malicious content when they have all the information they need to recognize it.<p>So blurring the lines between browser sandboxed content and desktop applications <i>will</i> decrease security. Anyone remember the MSIE desktop integration debate?

Couldn't disagree more. Any sufficiently advanced platform will give developers the ability to do potentially dangerous things.<p>How will Google manage this risk? The same way Apple does with the app store. Google will act as gatekeeper for downloading and installing packaged apps via the Chrome Web Store.<p>Is this perfect? No. Will some bad apps get through? Yes. But the security tradeoff is worth it to get apps that are more powerful and more useful.