The "this is for security" argument is BS IMO.
A home screen web app is simply an icon on the home screen that, when pressed, triggers a "load this URL in Safari and pass it this special flag" action. Safari is the one that interprets the special flag and displays the app in the special full screen mode or whatever it is.
All Apple would need to do is to add a method for icons to go on the home screen that would (when activated) trigger Firefox or whatever along with the same special flag. What the individual 3rd party browsers do when they get the information is up to them.
Make it so that the API involved triggers a UI confirmation prompt (so that users know that what icon is being added, which browser it's going to open in and what URL the icon will go to) and there shouldn't be any real security problems.