The next needed feature is strong cryptographic authentication in the Java/JS engines, such that only digitally signed scripts can run. Again, the site needs to be able to configure this, to say 'Only scripts signed by the Dalai Lama or Perry Metzger can run at all. Only scripts signed by Perry and the bank security officer can get at my e-wallet.'
The start of this is not complex. Create a set of standard headers that http-gw or other web proxies can add, so people behind a firewall can have sitewide policies. (Notice that this has the clever effect of making locally written scripts runnable, since they don't pass through the firewall, even if all we get is an on/OFF switch.)
Add authentication services at several (site configurable) levels. Digital signatures, one time run tokens are easy to do. They're not even that tough to do right. (One time tokens would be nice for meter-ware as well).
Previous Java suggestions Home Some docs on Skey