- The code is all stored server-side; you stop paying, or the vendor loses interest, you lose the app. Poof. I can still run applications from the 1990s for research, but I can't run a webapp that disappeared last year.
- The protocols ("REST" not withstanding) are all proprietary. Given any two competing webapps, they almost certainly vend two entirely different protocols.
- Everyone gets the latest version whether they want it or not -- and whether it's a benefit to them, or not. If the company wants to insert ads, or revoke a useful tool that no longer fits their strategy, or take any other action that diminishes the value of user's investment in the app -- they can.
- Lock-in is standard; data is heavily welded to the particular application, and even where data export exists (a rarity), the formats are proprietary and ill-supported elsewhere.
For all the talk of "openness" for developers, the web has created what might be the most open-hostile environment for users we've seen since AOL and Compuserve.
