There's still a problem. Most users would just click "Yes" whenever a web site asked for access. Chrome addons routinely request access to "all files on your computer" and very few users complain about it. Fast-forward, and it's ActiveX all over again.
I wonder if the security concerns could be limited by opt-outable warnings on first use. Let's say you gave a malicious site access to the camera profile. Would it be sufficient for an implementer of the profile to show a dialog saying, "Click here to upload all your photos to XYZ.com"? [Or, even better, show thumbnails of the photos which would be uploaded] Is it more real for users to allow specific access at a specific time than just a blanket "ok" at install time?
Do people know better these days? I'm not sure.