Re: Web app? No thanks.
How can I secure a WPA so that it cannot communicate over the internet? I haven't really figured that out, and unless I can do that, they are too risky to use.
Any code that executes in your browser without you specifically asking it to is a security risk. Doubly so because it's inside the browser, where it effectively masquerades as your browser and therefore can dodge external security mechanisms. The more capabilities that are made available to that code, the more dangerous the situation becomes.
What I see WPAs as doing is unnecessarily escalating the already furiously heated battle between attackers and defenders. That's really why I object to the notion. Why do we want to do this? In the end, it only makes the web less usable to the masses.
If you want to make an application, make a real application. Don't tie it to web engines.