Interactivity #1875

@wareid

From the PING review:

What is the model of interactivity? How should users know or control with whom they are interacting?

Is integrity or authenticity provided? How does the reader know who authored an EPUB, and confirm that it wasn't altered?

Do digital signatures as defined in the spec provide integrity or authenticity of a book? To what extent does that match guarantees of the web model (a known origin, no mixed content, confidentiality of communication contents)? Would ongoing work on signed exchanges be helpful?

Do EPUBs allow entry of user-generated text? Does that text remain local? How does a user distinguish between interactivity that is provided by the reading system and interactivity that is provided by the book itself? When are they communicating with which piece of software? Annotations -- including highlights, margin notes, answers to in-book surveys, etc. -- can reveal very sensitive information that a reader might not wish to disclose to anyone else.

Do reading systems distinguish chrome in a way that provides security to the end user? Do ebooks typically display at full screen? Can they mimic websites and phish users? Our Web privacy guidance typically includes questions about "native UI" to cover cases like these: if there is no distinction between the UI provided by the user agent and the UI of the browseable content itself, then an interactive web site (or ebook) can effectively pretend to be a different site, and phish user credentials, for example. This would be a particular concern if EPUB reading functionality was provided by a web browser and users became accustomed to clicking links in ebooks to continue browsing elsewhere.

Labels

- EPUB33: Issues fixed in the EPUB 3.3 revision
- Spec-EPUB3: The issue affects the core EPUB 3.X Recommendation
- privacy-needs-resolution: Issue the Privacy Group has raised and looks for a response on.
