> Assuming a remote xul is opened using something like http://host/remote.xul > why is this more unsecure than chrome:://workstation/local.xul
Only registered chrome can access other chrome via chrome:// URLs. Registering means the guarantee of some level of trust. Chrome loaded remotely does not have this level of trust as you can not allow arbitray access to all of the chrome for various reasons which escape me at the moment. - Brian
