What I'm really interested in at this point is the security aspect of it. I know the schema I've described is nothing novel and a lot of people have used it in their implementations (at least that's my understanding). However, I'm interested in knowing if anyone has encountered any security breaches or drawbacks with that.
The only thing I can think of would be if malicious code on the client side could somehow gain access to the stored credentials… I think thats is highly unlikely (but hackers are a creative bunch and some JS engines are buggy, so you never know :-)). Thoughts?