Comment 10 for bug 782972

Right, it's "just" bindings, but right now browsers don't run Python code. :) I'm fine with this all on principle, but I don't want to see JS crossing from the browser to the desktop without a specific security design. Since there isn't one yet, I'll just make an easy one up: "JavaScript must never be passed from the Browser to the Desktop". We can adjust this when there is something that needs to cross that boundary.

+1