Yeah that's reassuring and all. The WC3 takes security very seriously as well as do the makers of Mozilla, IE, Chrome, Opera, Safari et al. but never the less we still have drive by's, we still have machines with AV software, anti-malware, Sand Boxing software etc installed and they still get through and steal whatever they want.
There are better ways to do this. Doing this in the web browser as it currently exists is just foolish. I am building an application frame ( appFrame ) that can run actual applications free from the asshattery that is HTML and CSS.