Here are a few more screenshots, after discussion with mconnor and a few other devs. They are in my opinion, and others I’ve heard, the most pleasing to the eye, and integrate fairly well with the browser chrome:
A web application with minimal chrome would look like this (for example, when launched with the -chrome flag of xulrunner, or window.open()ed with all the features disabled:
After I prepared these screenshots, Firefox went back to forcing the status bar instead of the location bar. So maybe the site information/context menu could be under the content, instead of over it. The border is still necessary, to delineate where the untrusted content actually is.
In addition, it would be good to allow untrusted web apps to do more with UI, but users should always have the option of disabling these:
open modal windows
hide context menus
perhaps even block leaving a page
See bug 248207 for some more history/discussion.