That sounds like an argument for better ad blocking, not an argument for less rich web APIs. Avoiding new web APIs because ads might use them seems like avoiding new OS APIs because malware might use them; better not to run the ads/malware in the first place.
See, this is what I don't understand about HTML5. Wasn't executing untrusted code the purpose of operating systems ? Now we're having two layer of APIs like you said. Browser APIs and OS APIs. And we're seeing weird (or awesome) things like Emscripten, Native Client and Chrome OS.
