If I tell a browset to display a URL I want it to obey ME, period. It's okay to warn about certificates and such but damnit I want the data retrieved! As for security risks, just don't RUN any of it! Anything that can't simply be displayed should be stashed somewhere.