I wonder if you could still perform a DOS by doing the following:
- register 1000 domains
- when the browser navigates to the first domain, store 5Mb
- once the store has finished, redirect to the next domain
- repeat steps 2-3 ad infinitum
The documentation at http://dev.w3.org/html5/spec/offline.html#disk-space states that "care should be taken to ensure that the restrictions cannot be easily worked around using subdomains", so one would really have to use different domains as you write, which sounds a bit costly.
A malicious actor might write a wordpress worm to assemble a domain botnet and cross-link them all to each other such that visiting one stores 5 megs of nonsense from every site on a visitor's client.