We should have https://docs.google.com/document/d/1MNxsRbo8FIgP0WOxb_edreCY2em_KN8ALBu0FiWw0KY/edit in a more prominent place. And maybe we also want to stipulate what is out of scope, such as one-click attacks.

We also want to distinguish here between XSS safety and the more encompassing model for "default".