[bzb6]

Obviously it’s the result of stupid users, but you can get rid of the APIs, you can’t get rid of the stupid users.

[jwolfe]

If you get rid of the API it will just happen through malicious Chrome extensions instead. I guess that's an improvement in practical impact.

Will the next argument be that browsers shouldn't be extensible, because it's a liability with stupid users?