NYTimes wrote: The new Web language and its additional features present more tracking opportunities because the technology uses a process in which large amounts of data can be collected and stored on the user’s hard drive while online. Because of that process, advertisers and others could, experts say, see weeks or even months of personal data. That could include a user’s location, time zone, photographs, text from blogs, shopping cart contents, e-mails and a history of the Web pages visited.
Full story
If you've read the article, you've seen that marketeers already have at least 10 known locations to store their "code injections", making it increasingly difficult to get rid of any and all. What's more of a concern, the same technology can, no: will be abused by scammers to eavesdrop on unsuspecting surfers, targeting their sensitive data like bank accounts and credit card stuff... I predict the first such scam to happen within a fortnight of a major (financial) website switching to HTML5 (Google, banks, etc.) and maybe not even that long...
This is something the browser makers should be very wary of, their reputation is on the block here... And the axe will fall as soon as a fault (exploit) is found: it'll be the end of that browser. Except for IE, of course.

