Security considerations section

[msporny]

There is currently no section on security considerations in the specification. There should probably be something containing an analysis of the security implications of the protocol.

[kumar303]

There were many rounds of security reviews at Mozilla for what is now navigator.mozPay(). Here's some logging of the security reviews but some of the info is outdated by now. A lot of the threat models still apply.

• https://wiki.mozilla.org/Security/Reviews/navigator.pay (this is the most up to date)
• https://wiki.mozilla.org/Security/Reviews/InAppPayment
• https://wiki.mozilla.org/Security/Reviews/AppStore#Diagram