Comment 9 for bug 1393515

I think the web browser is different from the file browser. If you hand your phone to a stranger, unlocked, with the intention that they can use the phone to dial someone or view the wikipedia entry for a topic under debate or check the weather or whatever, you'd really like it to be difficult for the person to make your life miserable. Dangerous operations should require re-prompting with pin or password.

The file browser would allow someone to add .ssh/authorized_keys or other similar tricks. The web-browser is, as far as I know, a mostly-read interface that would have great deal of difficulty modifying content. Granted that there may be plaintext data on the phone that a user wouldn't want a stranger to have easy read access to, but that data should probably be stored encrypted anyway.