> "Just do it in the browser" seems a step backward from the security point of view; the HTTP server isn't running as me.
But why not? You can run an HTTP server as you. And then ideally you'd want to use some token-passing mechanism to prove to the server that you are you. Like, as browsers already implement, Kerberos. Maybe with the added detail of running a local KDC on every machine, as Apple does, to avoid needing to setup central kerberos infrastructure.