The LocalServer allows an attacker to cache any file in the victim's browser for a specific site. For example, the attacker could cache a file such as 'http://mail.google.com/gearsBackdoor.html', with malicious content, in the victim's LocalServer. The attacker can call this page either by sending a link to the victim or by loading it in an iframe when the victim visits the attacker's website. When that happens, the page is served from the LocalServer and the malicious content is executed in the context of mail.google.com. A more advanced attack would be to place a backdoor under the same name as a file that is part of the website. This way, every time the user logs in to the website, the backdoor would be called automatically. Obviously, this kind of attack can have serious consequences for the victim.
I have enumerated seven different types of backdoors that can be placed with Google Gears. Details of these techniques will be available in a whitepaper that I will release soon. Imposter can be used both to steal database contents and to place backdoors.