[daeken]

That sort of protection has nothing to do with js, but rather the browser, which isn't in play here.

Edit: It's implemented via Mobile Safari, as pointed out by justincormack -- this comment is invalid.

[evinfinite]

I find it rather silly to be worried about security given that Apple's one of the largest browser vendors in the world, directly or indirectly via WebKit.

More accurately: all increasing of capabilities in non-immediately-apparent sources IS cause for concern. But that has to be weighted against the exhibited competence of the vendor. I find it unlikely that we-vet-everything our-brand-name-is-safe-computing-experiences Apple wouldn't have considered security in this move.

[rm-rf]

Presumably they have. But given the number of times Safari has been remotely exploitable in the past, that's not necessarily reassuring.

[justincormack]

iBooks is implemented using mobile Safari, so the security model is the same.

It uses CSS3 columns to make the pages going across.

[daeken]

Ah hah, I was mistaken. Thanks!