By Dan Cornell
From a features standpoint, that allows you to make much more interesting applications. Maintaining local-disk state that lives across browser lifetimes is super-helpful. From a security standpoint, however, this opens up a whole can of worms. If this framework is going to require a user to run local code, attackers are not just limited to breaking current browser security protections. They can also attack the local code that Google Gears will rely on. This is a huge difference, so we will see how things turn out.
However, I was encouraged to see that they have a fledgling security page that talks about design and coding issues that could affect Google Gears applications' security. They have a little bit of talk about their security model and a little bit of talk about things like SQL injection. This is a good start, but with such a new mentality for building web applications and so much new code in the frameworks, I suspect that there will be more than a few security issues to work out - both in the framework and in the application built on top of it.
dan _at_ denimgroup.com