Everything in file:// is the same origin. I think Mozilla has been experimenting with changing this, but I can't remember how they handle localStorage (if it's even different at all).
No. Everything on file:// has the origin defined by the origin serialization algorithm. http://dev.w3.org/html5/spec/Overview.html#origin The spec tells "If scheme is "file", then the user agent may return a UA-specific value." In Opera's case we use file://machine/ where machine can be localhost, an ip, or a remote computer with a shared folder. If you're on a local network which cannot be fully trusted, accessing a page at file://peer/ that manages to access your local harddrive is as serious as a cross-domain attack, or even more. So saying that everything on file has origin file:// is a misconception of the problem origin tries to solve.