I don't see how a browser based distribution has the potential to be better as far as security. I don't think it is foregone it would be worse, mind.
What does a browser by in terms of added security? Encrypted connections did not spring in to being with ssl. And, doing a secured stateful connection seems easier/better than the stateless messages method of traditional http applications.
Please re-read. Browsers don't have exemplary security, but, what they have can be slightly better than simple code signing. Also, I say it's entirely possible that the other platforms to leapfrog them. The problem with current sandboxes for native code, is that they disarm the participants while empowering malicious code.
I am rereading. I am also asking for specific examples of how a browser has potentially better security than a custom application. Because, I just don't see it.
Unless you are trying to say that something in a limited sandbox of a browser has limited capability outside of said sandbox. But... how is that not just as true of any other sandbox approach.
Right now, native code security is pretty much limited to code signing and sandboxing. Browsers go one better than code signing with restriction of communication. Additionally, entire classes of exploits are made much harder because Javascript is a managed language.
What does a browser by in terms of added security? Encrypted connections did not spring in to being with ssl. And, doing a secured stateful connection seems easier/better than the stateless messages method of traditional http applications.