its all about paranoia.

A modern OS (such as NT or BSD) provides full isolation between processes. Process A and Z can't read the same chunk of memory, enless they both have security flags allowing this.

This means that one app can't read the values of the other.

By contrast in IE/FF/Opera each tab can completely access the other. Its upto the code of the browser, rather than the OS to isolate the processes. This is bad because its less likely to be able to manage (this is because it dosen't use the CPU features, it instead relies on having no bugs... yeh thats going work).

As such all the main browsers have had major security issues in the past, where a malicious script on one tab can read another. It stands to reason that there is a chance this can happen.

Where as if you open a separate process instance of the browser, its upto the operating system (and anything running with full kernel priveledges) to have the flaws that allow inter-communication to occur. This is much less likely.

The problem with FF is that it has a habbit of opening in the same instance, as under some operating systems this gives a much faster performance, NT thou it really is negated by the clever kernel design.... but this is another rant.

As such, using a separate process can help lead to better security, because your removing the possible attack vectors.