Won't phishing be an issue with the full screen API? If antiviruses can be faked in web pages with such accuracy complete with Windows and Mac look and feel, the full screen API might allow for more convincing fakes. Firefox does show a dialog, but it sounds relatively harmless.
I noticed that Chromium (18.0+) asks if you want to allow the full screen API on that page (ala geolocation), but Firefox just enables it automatically.
