A shifting HTML5 spec could leave many applications vulnerable

We get into a dangerous situation when applications start implementing a standards-based specification that's still in flux.  I think it's made pretty clear in the HTML5 spec.
Implementors should be aware that this specification is not stable. Implementors who are not taking part in the discussions are likely to find the specification changing out from under them in incompatible ways. Vendors interested in implementing this specification before it eventually reaches the Candidate Recommendation stage should join the aforementioned mailing lists and take part in the discussions.