Although I agree with the author that the HTML5 web apps can be insecure if you don’t follow best practices around security but I’m not sure how are the risks mentioned in the above article have anything to do with features and functionalities introduced by HTML5 so I think the title is a bit misleading in that sense. XSS attack vectors are possible with JavaScript something that can be pre-dated before the HTML5 era. And PhoneGap isn’t HTML5 - its a hybrid solution to develop mobile applications.