Couldn't it be argued that working in the browser is indeed a relative security update, specifically since it relates to a signing certificate?