If anything a web page is more secure than a native app: they can't even request wider access to the local filesystem (there is the FileSystem API in Chrome, but IIRC that has little traction elsewhere and can only operate on files specifically selected by the user rather than being able to randomly trawl around your everything). Definitely more secure than an app on the desktop, which most of the time runs as you and can do anything to your files that any other app running as you can do.
Bluetooth: I've not looked into it in detail (a quick search finds https://medium.com/@jyasskin/the-web-bluetooth-security-mode... amongst other relevant looking articles, but I don't have time to go through them right now) though I find it hard to imagine this similarly would be any less secure than a native mobile app having access to Bluetooth as the web page is going to have to ask for permission to use the API then you need to pair it with the target device.
Native mobile apps have their permissions and access managed by the system, and are at least minimally inspected and approved on the system app store.
I'm really not sure I want my browser managing a second tier of these permissions, especially as it runs arbitrary code downloaded from the net. Maybe it's an artificial distinction, but I'd rather keep "code I stumble upon without even realising by browsing the web" very separate to "Things I give device access to".
