Holes in the Armour?
I fear that there might one day be an exploit out there that is hard to defeat without chopping off a load of functionality. I don't think that it's likely at the moment, but we're currently heading towards such a thing, not away from it.
That would leave us with server side execution. That would be highly unpalatable. But it might be our only way forward.
Anyone willing to have XServer frames in a browser?