You don’t have to throw a rock very hard on the Internet to find some blog post where gloom and doom rears its head with thoughts of “HTML5 Creates Security Nightmare!” or “HTML5 Code Easily Stolen in Your Browser!”
Yes, you can read some good posts about the concerns around HTML5 but I find that they tend to be a little more smoke than fire. Instead of going down the list of concerns and trying to address each one, I am going to give my own opinion about the issue as a whole. I will be using metaphors which I know break down very easily, but work with me on this.
Security is only as good as the amount of effort you put into it. Nothing is ever 100% secure. Think about your house. You have locks on the doors, windows and maybe even a security system. What if your child leaves the door accidentally unlocked though? If you were robbed because the door was open, would you blame the security alarm?
I think blaming HTML5 is akin to blaming that alarm for not working. Although HTML5 can be one vector of a break-in, there are a hundred other ways you can have an unsecure site. Blaming one item of the whole doesn’t make sense to me.
I believe the browsers are doing a great job helping with security, trust, etc. If I was to look at Internet Explorer these days, it does an amazing job of keeping me secure as a user. I could go on about Enhanced Protected Mode or how Microsoft details Internet Explorer 10 security and feature improvements in Windows 8. Or you can go see over 300 articles about IE Security. Also, we are even getting help around not being tracked by ad companies and the like.
That is actually what I want, I want my browser to keep me secure and I believe they are doing a good job.
Finally, stay away from the bad parts of the Internet. Or, be careful! Maybe I am not very adventurous, but I find myself sticking to the parts of the Internet I know well. I find that I have never had any compromises or issues. If I ever did (from a search request), my browser would let me know “Hey Tommy, this looks suspect.” and I would look elsewhere.
So in conclusion, I don’t think there is a problem with “HTML5 Security” but that we need to use trustful browsers and be careful.