A new browser window is just to destroy any iframe or frame that might be communicating with a remote server without your knowledge. It doesn't do much good if you are compromised through a browser hijack, have a toolbar on there, a trojan on PC, run through a bad DNS or proxy etc etc.
The better banks make you use your mouse to click on the numbers representing your pin, and the order of the numbers on the screen changes everytime you log on so it's not like a memorised sequence that can be reused or guessed. The only way someone could get in then is via a realtime screen cap or a spoofed DNS/proxy combination that reroutes your request through itself. Although this is when you would hit a certificate incompatibility as the cert is a little trickier to duplicate properly through the issuing authority and the stream needs to be decoded then sent on.
It is interesting to note that the changing position of numbers would probably go a long way to thwart the over the shoulder thieves or camera ones at the ATM as the position would change everytime. The problem would be accessibility for the blind and durability of the screens displaying the changing numbers.
