On Tue, May 19, 2009 at 12:18 PM, Marcos Caceres <[email protected]> wrote: > 1. If no <access> element is used, the application type (e.g., HTML, > Flash, whatever) is responsible for providing the security > context/rules under which the widget runs. For HTML this means that a > widget runs as if you had dragged a HTML file from your hard-drive > into the Web browser.
this part is scary. since historically that meant a web page with full file system access even though this wasn't usually what users wanted, expected, or understood. (it's true that browsers are evolving to a different model, but...)
