The basic problem is
That there will always be a way to subvert legitimate functionality in some way.
Ads are a problem because they will never be server by the originating website, the ad company works it out. Ultimately ads should probably be in a non-trusted page element without all the rich (and destabilising) content. This would not be great even for the googleopoly.
It is also a relatively straightforward vector to exploit, not just for malware, for any other type of scam, all you need is a front company and some up-front cash.
Google are unilaterally deciding to change their delivery approach to web standards, but given the lengthy negotiations needed to change or replace them formally with entrenched and violently defended positions its not likely to happen any time soon.
Although in this case, I hope at least a proposal for a standards change is made in conjunction with this...Otherwise we are at the thin end of standards anarchy...