Whenever data is brought into a system, the system is subject to attack. Whether from a network connection or distribution media, exploits have always used whatever avenue of infection was available. HTML5 or JavaScript cannot change that fact.
The ease with which an exploit can be fashioned is largely dependant on the level of access given the attack vector and the complexity of the code governing that vector. From Autoplay to VNC, the more control given the remote source, the more potential for manipulation.
As we demand more from web applications and the technologies that enable them, we will open avenues of exploitation, almost by definition. New demands on developers, engineers and designers will be a natural result of this.
On the bright side, this likely means a richer employment environment for web professionals; the flip side is it probably means more jobs for web hacks, too.
First, learn. Learn anything you can. History, languages, geography, philosophy, any and all of it will enrich your life and expand your mind.
Second and perhaps even more importantly, get outdoors, in nature and remember what it is to be a human on planet earth.
Agile, like many new ideas, has a tendency to overreach. The exasperated users are the same ones who dread system updates. They see any technological change or inconvenience as the result of a vast technocratic conspiracy. These people are the ones who want it "to just work" and have little patience for the tedious process of taking matters to that point. These complaints stem from taking this group outside its narrow comfort zone.
On the other hand, there are end users, usually termed "power users", who love their engagement with technology and its processes. It is these people who should be part of the ongoing development process. The larger mass of users should be consulted and upgraded, but infrequently. Of course, this requires you not break backward compatibility with each new release. You know who you are.
"Ninety percent of baseball is half mental." -- Yogi Berra