Not to mention, in this very case the "whole perimeter" does include the client program (the OS is tied to the hardware), aka a Big Tech web browser. And since this is not small tech (which would be noscript/basic (x)html), this will de facto exclude anything which is not Big Tech for most "legal" projects which wants some ultra heavy and fancy "web". Because near 100% of the project managers out there won't even take the risk anymore with such act.
Yep, those who are not Big Tech better be ready to REALLY, and I mean REALLY get close to metal and use REALLY small and lean tech, and namely to do NOT use Big Tech open source web software (blink|geeko/webkit+SDK).
This is weird because that will kill economically any attempts at Big Tech alternatives, ALL OF THEM.
Big Tech is BILLIONS OF $ OF CASH WITH THE BACKUP FROM INVESTMENT FUNDS WORTH TENS OF THOUSANDS OF BILLIONS OF $: THERE IS NO FG&* ECONOMIC COMPETITION OR ANYTHING, WORLDWIDE AND THEY GET EU WIDE LAWS ONLY FOR THEM???
The first thing is to get ultra hardcore regulation on small tech<->big tech interop, and I really mean _small_ and _lean_ tech (the second you have Big Tech web engine or a massive SDK with an ultra complex language, you are done for).
Not to mention, EVERYBODY KNOWS COMPUTER SECURITY IS A FANTASY: IT DOES NOT EXIST, IT IS ONLY A PROCESS, NOT A DELIVERABLE WARANTY. And as far as I know, metrics to know if the "process" was good enough do not exists, and in such complex system it is just BS.