[eternityforest]

I'm not a fan of the whole secure context separation thing. A lot of cool P2P stuff is impossible because a service worker can't access an HTTP server, which would be very useful for web sites to talk to IoT devices.

If there was something sensitive in front of my camera, I wouldn't give any random site permission anyway.

File system access should definitely be secure only, the rest might not need it.

Of course if Mozilla actually did FlyWeb we could almost totally deprecate HTTP except for some public legacy sites.