PPS Im also a little unclear as to what is meant by 'calling from content' in this context
I understood that the purpose the 'chrome' flag was to open the window as a chrome file rather than content. PPS Assuming a remote xul is opened using something like http://host/remote.xul why is this more unsecure than chrome:://workstation/local.xul
