It's actually more than that. It means that the drivers should be both GPL *and* in the mainline kernel. The second part is often glossed over, but when a driver is included in the kernel the maintenance load on the original author drops significantly. If a vendor upstreams the driver, they don't need to track every single release anymore. One of the major rules of Linux kernel development is that if you change a global kernel API, then you have to change all of its consumers as well. Vendors would get that upkeep for free.

Presumably, one of the first things open source developers would do would be to uncouple the extension from Google's servers. Seems that substituting in as the data store would work pretty well.

As a US HSBC customer, the security that I see is different than the article describes.

The login process is fairly typical (username, password only), but in mid-July 2006, they changed the process so that they are entered on separate pages. I do not understand how this improves security, because the username is echoed back on the password-entry page. There are no additional interactive anti-replay attack features--the username/password form seems to have been simply split to two pages.

The biggest security feature that I have casually identified is that on the Online Bill Payment page, it is necessary to do a second authentication using a Java-based on-screen keyboard (which must be clicked with a mouse). This avoids a simple keystroke logger but is not beyond other attacks (for instance, it would be somewhat easier to shoulder-surf).

You can never go wrong with ST:TNG humor.