I don't know much (if anything) about web development or bookmarklets but I think you're right it would be a security risk if a js in the url bar could do things locally.

what happens if you associate .flv with a helper application (kmplayer) in MicroB or firefox, is this possible?
Editing about:config to remove some security features to allow local access may be another possibility for scripts but I think a browser extension like the one below is a better alternative to avoid this.

https://addons.mozilla.org/en-US/firefox/addon/446

I don't know if any of this is possible, just a thought.