I'm noticing that building a WebCore app may not be as simple as building a Windows app. A Windows app runs inside of a user-specific environment that you can assume is protected from other users simply by how Windows works. (Users login, and whatever they have access to is whatever they have access to, and nobody else usually does.)
You can tell Windows that a given app can be installed "for all users" or just the given user, but I have not run into issues in treating them differently since most people don't share their computer with others and would not install stuff "for all users" if they do.
But by their nature, WebCore apps are accessible by everybody!
I'm not totally clear if the user's state data is supposed to be loaded up and managed entirely in the browser at run-time, but saving it the same way you do in a Windows app on the server side won't work for multiple users.
So what's the best way to manage user-specific state data in a WebCore app that's simple, easy to use, and safe enough that you don't need to worry about hacking or cross-access of data?
I've got the WebCore book, but I don't recall reading anything about this topic in there.