One benefit of a web app is that it makes error reporting so much easier, as you are pretty much assured they have a way of communicating with you (the Internet).
I think in light of this, mutating the previously suggested logging errors into a silent error report could be a very powerful tool for the future (indeed it’s already used in some areas of serving websites). Where you would normally fail fast in a debug build, you could now feasibly, in production builds, send these as minor error reports and then try, if it makes sense, to recover. Somewhere close to the best of both worlds I feel.
I would agree that people probably try to recover too often when they shouldn’t. If you don’t know exactly how to recover, don’t try.