As I re-read my submission, I thought about ActiveX controls circa 1999. They certainly could have been used to solve such problems (at least on Windows), but the ability for any old site to install native code made them a security disaster.
What's different here? The entity you trust to provide you with a secure browser is the same entity providing a set of profiles, and you would opt into which sites could access these profiles. And, there's no "run arbitrary code" profile.
There's still a problem. Most users would just click "Yes" whenever a web site asked for access. Chrome addons routinely request access to "all files on your computer" and very few users complain about it. Fast-forward, and it's ActiveX all over again.
I wonder if the security concerns could be limited by opt-outable warnings on first use. Let's say you gave a malicious site access to the camera profile. Would it be sufficient for an implementer of the profile to show a dialog saying, "Click here to upload all your photos to XYZ.com"? [Or, even better, show thumbnails of the photos which would be uploaded] Is it more real for users to allow specific access at a specific time than just a blanket "ok" at install time?
What's different here? The entity you trust to provide you with a secure browser is the same entity providing a set of profiles, and you would opt into which sites could access these profiles. And, there's no "run arbitrary code" profile.