run Bitshares secure functions (like the wallet) in the browser
Aren't "secure...wallet" and "in the browser" mutually exclusive?
Even though the server doesn't store the user's private keys, in practice the user is effectively trusting the server with their private keys. For the good and simple reason that, if your browser downloads and runs JS that has access to both your private keys and a network connection to the server that you downloaded it from, what's stopping that server from including evil code in the JS to steal your private keys?
With the existing wallet, you can compile it yourself and (in theory) every last line of code is public and auditable. We (or at least I) eventually want to have reproducible builds, so anyone would be able to verify the hash of a binary distribution built with specific toolchain and library versions.
I don't see how the JS version is auditable in that way unless you self-host the JS -- but I assume that the whole point of this exercise is to create a wallet that doesn't require users to install any software.