About security, I keep saying that security experts are confident about the Web Runtime so if you have concrete arguments please just expose them. Blunt conclusions based on the use of Javascript leave little space for constructive discussion. fwiw