If you are working with any sort of confidential data, be it personal information, or payment info, or whatever, a determined attacker with access to executing Javascript on your page is going to cause a world of problems, the least of which is gaining access to localStorage. A much more concise example is adding a simple eventlistener on keypress, and just logging that data to a third party.

localStorage is ready for widespread use, imo, you just need to know what and when to use it; using localStorage as initial cached state on application startup is extremely useful.