I read the article, and saw the comment about separating content from client-side application logic. And honestly, I'm not entirely sure what that means. The problem with most of the web is malicious content that exploits holes in the client side application. The more client side web applications there are, embedded EVERYWHERE as this seems to be, the more places malicious content has to look for exploits.
And, to make an example: some malicious content crashes one applet, and now, thanks to the centralized identity management, it has access to ALL my online passwords, emails, etc. Yes, this is possible today, but the diversity of locations and mechanisms makes it much more difficult.
And that doesn't answer the other half of the security question: how secure is MY data when it's on the "web". This is where facebook falls flat - give one facebook application access to your data, and they get access to ALL your data, and your friends data and your friends friends data, or some such nonsense. Security was clearly an afterthought on that social network site. Is any thought being given to how to put up boundaries around the information we provide to the myriad of applets and web-integrated desktop you're creating.
W.r.t my ActiveDesktop comment: Microsoft tried to "integrate" the web into the desktop, 10 years ago. It flopped massively: it was a performance pig, and was just an incredibly bad idea from just about any angle you care to look at. I don't know that anything has changed in the last 10 years to make it any better of an idea - if anything, the increased threat level makes it a worse idea. So now when I fire up the KDE desktop, I'm going to get 10 more "applets" that chew up system resources, and if even one is unstable and causes problems, suddenly my whole desktop drags. Oh, and if some web server one of those applets goes to is compromised and serving up actual malicious content, the applet may crash and suddenly some cracker controls my desktop.
I guess my whole point is that security CANNOT be an afterthought on this kind of stuff. It needs to be thought about up front and included in every stage of development. My other point is that integrating the web into the desktop has been tried before... And while my shouting security may not be terribly helpful, hopefully it raises your awareness of it, and possibly others on this site.