Hacker News

mmis1000, today at 12:05 PM

The guarantee that a web page never edits files on your disk (only creates new ones) does not hold with this API, though. I know it's what makes this API useful. But at the same time, there is a big risk that the user never expected this and it results in a giant security issue.

Firefox and Safari are generally very conservative about new APIs that can enable new types of exploits.

At least Firefox and Safari do implement the origin private file system. So, while you can't edit files on the user's disk directly, you can import the whole project into the browser, finish the edit, and export it.