In "What I Want In Firefox (Parrot)", Ovid expresses his desire for Perl 6 scripting functionality, with the caveat "if the sandbox is secure enough".
Aha, there's your problem.
The Firefox developers clearly didn't have sandboxing in mind when they designed the browser, scripts are essentially free to do what they wish at least with the DOM, as well as access many central browser functions, plus a bunch of things that we really don't want security vulnerabilities for.
Oh, and BTW: the example commits one of the great no-nos of web programming: pushing server side security into the browser, which essentially is no security at all, as seen form the server's point of view.
Why am I being so negative all of a sudden? Well, it might be sudden for this blog, but I've been working with security related cleanup and detection in the context of Linux system administration for a few years now. It's not enjoyable, I can tell you, and it definitely colours my perception of these things. Also, I've had a fair bit to do with thinking about security earlier.
Recommended reading (that should be required) for web programmers:
Innocent Code by Sverre H. Huseby (a buddy of mine), ISBN: 978-0470857441