[jasonkostempski]

I sort of agree, i just think JS and content from other domains should have required user prompts.

[leeoniya]

and https by default should have never allowed off-domain or insecure/mixed content.

[jasonkostempski]

We can dream but, even if it had been that way, I suspect it would have taken just one bad browser (probably IE) to ruin it for everyone. They'd advertise it as "no annoying prompts", everyone would flock to it and other browsers would have to follow.