Comment 18 for bug 1393515

Oliver Grawert (ogra) wrote :

@john ... i do not want to keep the browser unconfined but currently we have a widely gaping security hole that allows everyone to read any cleartext password any third party app stores in the user's home. i have no doubt that adding confinement is the right solution, can you implement it for the next OTA (yes this was rhetoric) ... ?

today if a user uses some third party facebook web app that stores his PW in a cleartext cookie that user can't hand his device unlocked to someone else without immediately risking that they can read his PW ... i know intercepting the file protocol isn't a solution, but applying such a band aid until the actual solution is in place to protect our users seems acceptable to me vs having this issue open for another year with actual customers out there being vulnerable ...