Whenever data is brought into a system, the system is subject to attack. Whether from a network connection or distribution media, exploits have always used whatever avenue of infection was available. HTML5 or JavaScript cannot change that fact.
The ease with which an exploit can be fashioned is largely dependant on the level of access given the attack vector and the complexity of the code governing that vector. From Autoplay to VNC, the more control given the remote source, the more potential for manipulation.
As we demand more from web applications and the technologies that enable them, we will open avenues of exploitation, almost by definition. New demands on developers, engineers and designers will be a natural result of this.
On the bright side, this likely means a richer employment environment for web professionals; the flip side is it probably means more jobs for web hacks, too.
First, learn. Learn anything you can. History, languages, geography, philosophy, any and all of it will enrich your life and expand your mind.
Second and perhaps even more importantly, get outdoors, in nature and remember what it is to be a human on planet earth.
As far as the laws of mathematics refer to reality, they are not certain, and as far as they are certain, they do not refer to reality. -- Albert Einstein