The issue here is what users' consider to be the application, the browser (Mozilla) application or the XUL application
I think most users will consider the the XUL to be the application . If the xul is remotely located, no additional chrome applications need ever be installed locally What seems to be be needed is a method of defining trusted remote chrome > > Assuming a remote xul is opened using something like http://host/remote.xul > > why is this more unsecure than chrome:://workstation/local.xul > > It's not more secure, but it is believed that you might have considered > any security risks more before *installing* a chrome app. > > Masi > >
