The web's security model is amazing. People click on links to unknown destinations & trust that bad things won't happen to them when they do so. It is so, so important as we design web APIs to preserve and to earn that trust, and to avoid eroding it to a death by a thousand cuts.