bitcoin-qt supports "bitcoin:" URIs when Drag&Dropped to it. I have not implemented browser handlers because I have a bad feeling about javascripts being able to send data to the bitcoin client without user intervention.
Now at least you can make a button "drag this image to your bitcoin client and click send to pay"...
As long as your handler
always opens up a dialog for sending bitcoins I think this is safe. Javascript cannot abuse mailto: torrent: and all the other gazillion registered protocol handlers, so why the bitcoin one? And most browsers open some "do you want to start..." dialog anyway. So I think, go ahead, register the handler. Dragging something around, while nice, is not a solution.
BTW, I follow your excellent development on bitcoin-qt. I constantly pull your changes and compile my client myself. But the average user cannot. Hence my point in making bitcoin-qt the official client.