It never fails to amaze me that no one seems to get the negative security implications of an integrated URL/search bar, especially given the underwear knots some smart people seem to get over truly esoteric 1-in-a-billion use case vulnerabilities.
If the URL bar performs search, it is ripe for a mistyped URL to lead you to a phishing site (hell, bad guys don't even need to register every typo iteration in DNS anymore, they can just pollute search results; it's like DNS hijacking made simple). I have seen my wife and kids do it time and time again, no matter how many times I tell them. They don't type in URLs anymore, they just type in "youtube" or "amazon" or "runescape" and then click on the first link that shows up.
Obviously this is dangerous, but more than that it broadcasts your URLs to Google or Bing or whatever. There is a mountain of information that can be culled from those queries that can compromise not only you but your business/employer. If it were reported that Firefox was sending every URL you entered to Microsoft or Google, people would lose their shit about it. But when the browser is designed to do that deliberately, no one seems to give a flying ----. THIS is the reason that I do not use Chrome. It's a gaping security hole, but because it is Google (who I am generally a fan of) it gets a free pass. That said, all browsers seem to exhibit the same behavior regardless of whether they have a separate search box.
If the URL I entered isn't found, return a 404. End of damn story. THIS is also the reason to still type http:// or https:// in the address bar.
But this is all just symptomatic of the larger problem of security in general. To pass my audits I have to take a hit either for being somewhat vulnerable to BEAST or for using the weak RC4 algorithm, pick one. And I don't process financial information of individuals in any way, shape or form. But companies like Pandora get away with putting a credit card processing form in an HTTPS IFRAME inside a non-HTTPS URL. And those frigging morons, when it is explained to them why this is monumentally stupid and that part of the reason for HTTPS is for the user to be able to verify that they are giving their credit card information to the people that they intend to (and to verify the certificates), just don't understand the issue. Their explanation is that it is too intensive to stream music over HTTPS so they have to do it this way. How can they be this successful and be this completely brain f'ing dead? Hey, Pandora: _blank. Look it up, ass hats!
Or my bank totally not understanding that when I go to the bank page URL and it says "John Smith and 3 other friends like Dumb-Ass Credit Union. Like us on Facebook" that they have just communicated sensitive personal financial information to an incalculable host of 3rd parties. Why in the F does my credit union need to use social media? What the hell is wrong with people? Their response: "Dumb-Ass Credit Union doesn't send any personally identifiable information to Facebook, blah blah blah". Seriously? Can they really be this stupid? Here is a hint: I now know that "John Smith" likely has a Dumb-Ass Credit Union account, step 1 in identity theft process complete. Of course, he WAS dumb enough to like it on Facebook, so there's that. I, however, had no intention of telling anyone I had an account at Dumb-Ass Credit Union, but the frigging Credit Union decided to tell Zuckerberg themselves, and they just don't get it.