Is the localStorge dangerous?
As most answers for the development questions - it depends.
If a confidential information is stored on the localStorage then YES, otherwise not.
In order to illustrate, A "SessionID" should be considered as confidential since an attacker might use it in order to get access to the application.
How to steal the localStorage?
An XSS attack can be implemented in order to steal all the contents of the storage. I would like to share my sample script which steals all keys in the localStorage:
Can we protect the localStorage?
As mentioned above, confidential information can be stolen. Therefore it is recommended to save confidential information on a cookie (since it has the "HttpOnly" method). Of course, XSS prevention actions should be taken.