I spoke with one of the Engineers at Google working on this (I'm sorry, I forgot his name). He was telling me that a great deal of the security benefits of this can be achieved with iframes, but iframes require a second server round-trip. It is likely that this technology will be integrated with iGoogle and will result in a portal which loads in half the time.

The article notes that dealing with _capabilities_ can become "arcane and confusing". This means that Caja may have a larger role at the big companies, such as Google and Yahoo, or people wanting to play ball with OpenSocial. The complexity will outweigh the benefits for most scripters, and the standard will not be implemented in any major browser.