I wasn't saying it was an exploit, but just an example of how, as we give JavaScript more access to our hardware and browsers, there will be unanticipated interactions between features. Those surprises have often led to exploits in the past. All JavaScript should be considered untrusted (or malicious) code, and giving it new capabilities seems like an endless source of bugs and security problems. Those will probably be easier to exploit than timing attacks.