The next generation web will be all about abstractions for handling foreign code.
Of all the desirable features for a development platform, one of the most desirable is the ability to write and deploy code quickly and easily. This is how people explain the success of the web and web applications like the google suite.
The next generation web will protect users even from malicious code without requiring much greater responsibility. The new security will have to support three classes of features:
allow the code from one site to affect the user's experience of other sites (like greasemonkey for example)
clearly determine what site is responsible for a given interaction (to combat phishing for example)
Users will never be hassled "are you sure you want to install this extension?"; foreign code will have access to a powerful set of operations that yet poses no threat to the user. On the other hand, users will have to learn something of a new approach just to be able to understand what they'll be seeing.