For anyone using the browser, you should assume it's full of security holes. I don't know anything about its implementation, but if you consider how frequently the major, reputable browsers issues patches, there's no way Tesla is keeping up at the same pace. (Unless they're doing quiet background updates to it separate from whole car OTA, but I haven't seen anything to make me think that's the case.)
This means:
1) Avoid browsing to any website you don't 100% trust. (And hope that even on trusted websites, you won't get attacked via 3rd party ads.)
2) Avoid entering any login information, especially not anything sensitive. (Car forum login maybe okay
.)
I wonder how well Tesla has isolated the browser from the rest of the system. Like if a website manages to gain remote code execution via the browser, how much of the infotainment and the car as a whole might they compromise? Maybe they've done a lot, or nothing, I've no idea. I think if they were taking the browser seriously though, they would publish more about their security practices.
Btw I love the idea of the builtin browser, it could be really convenient and useful, but it's so slow and the security is so questionable that I don't think anyone should use it. Much safer to use your phone, assuming you keep its OS and apps up to date.