As long as your handler always opens up a dialog for sending bitcoins I think this is safe. JavaScript cannot abuse mailto:, torrent: and all the other gazillion registered protocol handlers, so why the bitcoin one? And most browsers open some "do you want to start..." dialog anyway. So I think, go ahead, register the handler. Dragging something around, while nice, is not a solution.
Well, the Bitcoin one has to do with payments. It is absolutely security critical. There is much more incentive to abuse it than, say, sending a mail or downloading a torrent... which is a fun spoof but not much more.
I agree, but making it clumsy (drag an image) instead of intuitive (click a link) is not a solution. Just add a big red warning dialog, or whatever fits you, in your handler. But add the handler. We should disable clickable links in the web browser, because a http link could send you to a child porn site, so a clickable link could make you a criminal.
I've asked for assistance in building binaries multiple times. It is quite involved, and I insist on doing it in a secure way. Multiple people would have to build it in an exactly equal build environment, then give the SHA hash of the .exe (and dependent DLLs). After that, it could be packaged and distributed using a https:// site.
To have done it in a really secure way, multiple developers have to review and compile this on their own, and then publish the hashes. Automatically compiled binaries wouldn't bring that much, because you could just commit some "send all coins to me" code and everyone pulling the code would still have the same hash.
On a side note, I for one would like to compile it using VS. As far as I have tested, your code does not compile out of the box using VS. It does using MinGW, which is really great. But to be honest, compiling and debugging is way too slow using MinGW.
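The hash comparison described in the thread (several people build independently, then publish the SHA hash of the .exe and DLLs) can be checked mechanically. The following is an added example, not part of any post or of the project's code; it assumes sha256sum-style manifests, a minimum of three builders, and hypothetical file and builder names.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def parse_manifest(text: str) -> dict:
    """Parse sha256sum-style lines ('<hex digest>  <filename>') into {filename: digest}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, name = line.split(None, 1)
        digest, name = digest.lower(), name.strip().lstrip("*")
        if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"malformed digest for {name!r}")
        entries[name] = digest
    return entries

def compare_builds(manifests: dict, min_builders: int = 3) -> list:
    """Return a list of problems; empty means all builders agree on every file."""
    problems = []
    if len(manifests) < min_builders:  # min_builders=3 is an assumption of this example
        problems.append(f"only {len(manifests)} builders, need {min_builders}")
    all_files = sorted(set().union(*(m.keys() for m in manifests.values())))
    for name in all_files:
        by_digest = {}
        for builder, m in sorted(manifests.items()):
            if name not in m:
                problems.append(f"{name}: missing from {builder}")
            else:
                by_digest.setdefault(m[name], []).append(builder)
        if len(by_digest) > 1:
            groups = "; ".join(f"{d[:12]} from {','.join(b)}" for d, b in sorted(by_digest.items()))
            problems.append(f"{name}: digests differ ({groups})")
    return problems

# Constructed sample: stand-in bytes and hypothetical file/builder names, not real binaries.
EXE, DLL = b"constructed exe bytes", b"constructed dll bytes"

def manifest_for(exe: bytes, dll: bytes) -> dict:
    return parse_manifest(f"{sha256_hex(exe)}  wallet.exe\n{sha256_hex(dll)} *dep.dll\n")

GOOD = {b: manifest_for(EXE, DLL) for b in ("builder-a", "builder-b", "builder-c")}
BAD = dict(GOOD, **{"builder-c": manifest_for(EXE + b"\x00", DLL)})  # one build differs

if __name__ == "__main__":
    print("matching builds:", compare_builds(GOOD))
    print("one odd build:  ", compare_builds(BAD))
```

Agreement between builders only shows that the binaries correspond to the same source; the source review the thread calls for remains a separate step.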