There is some validity to the claims:
Originally Posted by paulm187
Kernel-level driver exploit - Whilst there is theoretically potential for this to happen, and it's not limited to web attacks, any malware could do it, yet we have - to my knowledge - never seen any malware using such a technique. It sounds like an ideal target target, 'being able to execute in kernel-space using shaders' but the fact is shader compilers are in userspace and the compiled code is then executed on the GPU, making it a highly uneconomical target. You need the compiler to still compile the program and then for the particular driver you are using to have a bug that you can exploit during shader execution, I'm not saying it can't be done but we've had programmable shaders for well over a decade and so far it hasn't been done - to any effect at least.
The reality is you'd probably exhaust the search for browser sandbox bugs before you even considered this kind of attack.
Cross domain image theft - This has been addressed in the spec, cross domain textures are not allowed and use of CORS is recommended if you want to do such things.
WebGL has been implemented commonly for some time now and we haven't seen any of these issues arise in the real world, not to say they aren't valid concerns but there are plenty of valid concerns for other implemented technologies and we don't just 'not use them'.
I would suggest MS doesn't want a boatload of programmers getting comfortable with OpenGL concepts and syntax, sure they could translate everything to DirectX behind the scenes but what would be the point of that? Just use OpenGL, but MS won't choose OpenGL over DirectX unless they are absolutely forced to. Progammable shaders have proven to be a fantastic technology, the above concerns are certainly not justification for throwing that flexibility away in favor of inferior HTML technologies.
Full disclosure: ContextIS was contracted by Microsoft to put that together.