Every time someone posts Web Bluetooth someone brings up security, which is fair, but I don't think it's productive to immediately dismiss it. The Chrome developers behind the spec have thought a lot about the security implications. It's not impossible to make Web Bluetooth more secure than tricking a user into installing a malicious program, which isn't exactly a complex trick right now.
This article from 2016 goes into some of the security of Web Bluetooth:
On the server that was heartbleed under the WebMEM spec. There needs to be a tight feedback loop between the feature people and the security people. Without it, the FP will over-run the SP. The default to ship, ship in public attitude means that all of these "features" get public exposure before the security people have looked at it deeply. Much of the worlds technical architecture needs to get inverted.
Clearly nobody cares about the security of the user anymore anyway.