[cjpearson]

Apps are sandboxed, but WebKit runs outside the sandbox with additional privileges such as JIT and multiple processes and communicates with the app through IPC. This change is allowing third-party code to also run with these privileges as long as they follow certain security standards.

[troad]

Imagine if they spent the last fifteen years hardening those privileges, rather than fighting like hell to keep everyone out of their treehouse.