It's always nice to see more smartcard-oriented projects, but the main drawback of this approach (and the reason why we started designing our own Operating System and apps) is that a generic PKCS#11 card will have no way to provide the user with a validation mechanism for what's getting signed or enforce some security settings (such as a maximum payable amount) itself.
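
An added example, not part of the original comment and not any project's own code: a digest-only signer next to one that parses the transaction and enforces a maximum amount itself. The 28-byte transaction layout, the class names, and HMAC-SHA256 standing in for the card's signature are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TX_FORMAT = ">Q20s"  # constructed toy format: 8-byte amount, 20-byte destination
TX_SIZE = struct.calcsize(TX_FORMAT)  # 28 bytes


class PolicyViolation(Exception):
    pass


def _sign(key, digest):
    # HMAC-SHA256 stands in for the card's private-key signature (assumption).
    return hmac.new(key, digest, hashlib.sha256).digest()


class GenericCard:
    """Digest-only signer: it never sees the transaction fields."""

    def __init__(self, key):
        self._key = key

    def sign_digest(self, digest):
        # Nothing here can tell a small payment from a large one.
        return _sign(self._key, digest)


class PolicyCard:
    """Signer that parses the transaction and applies its own checks."""

    def __init__(self, key, max_amount, confirm):
        self._key = key
        self._max_amount = max_amount
        self._confirm = confirm  # models an on-device display and button

    def sign_tx(self, raw_tx):
        if len(raw_tx) != TX_SIZE:
            raise PolicyViolation("malformed transaction")
        amount, dest = struct.unpack(TX_FORMAT, raw_tx)
        if amount > self._max_amount:
            raise PolicyViolation("amount exceeds card limit")
        if not self._confirm(amount, dest):
            raise PolicyViolation("rejected by user")
        # The digest is computed on the card from the bytes it validated.
        return _sign(self._key, hashlib.sha256(raw_tx).digest())
```

The design point is that the second signer hashes the bytes it parsed, so the amount it checked and showed is the amount that gets signed.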