I see this slightly differently. Before, if I wanted to be able to do something like flash firmware onto some device I would have to download some random C++ application and install and run it on my local machine. As well as having access to all of my USB devices, it also had access to everything else on my system's user context. I didn't have a way of running that code and only giving it access to a single USB device and nothing else. Now, I can avoid installing anything at all. I visit the project page and opt-in to some flashing flow that's running in a sandboxed env. When the app requests it, the browser asks me for permission and I get to choose exactly which USB device I want to give it access too. That's picking exactly the minimum "outside" access I want to give it, nothing more. It doesnt get to read/write other USB devices I didnt choose. I doesnt get to read/write to my filesystem. It doesnt get to call system APIs. It doesnt get to set itself to start at startup. It doesnt get to install an auto-updater. For me, this is a better security posture than installing random win32 apps.

Are you more comfortable with installing native apps to control your hardware? Or you are more comfortable with opening a webpage to control your hardware?

With WebUSB implemented in major browser, you can be sure that they took extraordinary attention to all security implications.

With some random application from tiny developer, can you be sure about that?

I know for sure, that I prefer a webpage isolated in the browser for anything that could be done in a browser. I'm very hesitant to install anything locally.

Whether we like it or not, the distinction between an app and a web page has already eroded, and is, and only will be, eroding more.

Even for local apps it's starting to become common to ship the app in an interpreted language where the interpreter is a browser instead of say python & qt.

That's fortunately easily fixed: Don't grant them access!

But please don't tell other people what they should and shouldn't do on their own hardware.

The world has enough corporate walled gardens. I even enjoy using some of them sometimes, but the world would be a strictly worse place if these were the only remaining way to use computers.

Then don't select the device and don't press the 'allow' button when prompted.

It's already got access to CPU and RAM...how else do you think it works?