In reply to a tweet by @adambarth:
@adambarth fwiw, I agree with @bz_moz & @hsivonen — if it doesn’t use the Web’s security model it’s not the Web, even if it has HTML/CSS/JS.