Hrrm. 'Digital cash' meets 'browser scale attack surface' and 'endpoint security'. What could possibly go wrong?

Good point. Doing our best to mitigate this risk profile. Private keys are never exposed through the API, browser/extension are isolated environments and wallets MUST implement authorization/signing/broadcasting user confirmations.

Is this to enable bitcoin services that do not hold a user's funds?

Yes, nor their private keys. This enables these services to sign any kind of Bitcoin transactions, of any complexity (as long as their are valid), without ever touching user's private keys or having to migrate its users to their own [web] client-side wallet.

Is your Chrome extension its own self-contained wallet or does it do some communication with an external, standalone Bitcoin wallet?

The one that I've developed and will opensource soon is a tiny layer above bitcoind (Bitcoin Core); that said, some other extension can implement its own self-contained wallet.

would be great to make it available via https://mashape.com

can this do OP_RETURN?

it can do anything bitcoin transactions can contain. the timestamping demo (you can find its screencast on the homepage) does exactly that: https://github.com/bitcoin-wallet-api/demos/blob/gh-pages/ti...