The problem I have for Windows 8 is that the keyboard DOES pop up when hitting a textbox... when I have a hardware keyboard attached.
That said, I am developing a touch-friendly web app, so as a cube farm drone, touch is very useful for me.
Congratulations, you've figured out Chrome OS!
Works for me with that version.
Make sure if you're using blocking extensions (Noscript, etc) that they are allowing frames and JS from gstatic.com and google.com.
Also make sure WebGL is working (I dunno if it uses it or not but it looks 3D) in chrome://gpu/).
Bad guys can already do this right now, and the url still shows the bank's domain, so non-technically inclined users are no less protected.
Technically inclined users probably never navigated to the url in the first place.
Your specific example is a flaw in the specific website, and there is little Chrome can do when a website is coded in a insecure way that persists across all browsers (and web standards).
To write good code is a worthy challenge, and a source of civilized delight. -- stolen and paraphrased from William Safire