It's false equivalence because you (and everyone else) knows that the case of an end user injecting script into a page on the receiving end of the connection is not the scenario under discussion, and is not the behavior that the rule implied by the earlier comment would be intended to prohibit. If the comment was tongue in cheek then I have misunderstood you and withdraw my objection :).