I wanted to add while this would be a cool idea, it seems to rely too much on browser detection. As an example, i get a 2 with Firefox 7 and NoScript allowing access from the site. But if I disallow scripts from the site, I still get a 2. And some of the "failings" aren't fails, such as:
Does the browser automatically block insecure content from secure (HTTPs) pages? NO
Actually it does, because I have it enabled.
Does the browser filter out scripts on the client to help protect against XSS attacks? NO
It does with NoScript. Although Photobucket has gotten annoying lately with the XSS they started using about a week or so ago.
Of course IE9 tests with a 4 out of 4...
If I change my User Agent in Firefox to IE8, I get 3 out of 4.
It would be better if it actually did test browser security, rather than just reading User Agents and returning static info about them.