This lgtm from a security perspective. After talking with Giovanni, it sounds like the only real risk with un-whitelisting the API is potentially DoS'ing other apps that are trying to use BLE, which Kiosk mode should solve.
To clarify, however, there are really two Kiosk modes: one is "full system"/"boot" Kiosk Mode, which is what happens when a device boots straight into a Kiosk App. However, a Kiosk App can also just be run alongside other regular apps, mostly for testing purposes. In our Kiosk Mode security model, we allow special treatment of APIs in "full system"/"boot" Kiosk Mode, for a variety of reasons, but when Kiosk Apps are run along side other apps, we don't allow special APIs.
In this case, I'd request that we only allow this API by default in "full system" Kiosk mode, since that way an app can't DoS another app. When a Kiosk App is run alongside other apps, I'd like to require the special Chrome flag Giovanni mentioned in order to get access to the API.
Let me know if that makes sense, and thanks for your patience!
--Joel