Storing data with user permissions, not permission-less. Its in no way like local storage or indexdb. Those permissions could be scoped to only allowing explict read/write of certain files (IE, the ones the user initiated) and not allow for arbitrary writing of files to the filesystem, for instance.

We already do this with the file upload API