There's a preference in Mozilla called 'signed.applets.codebase_principal_support'. I've seen numerous XUL application authors and others encourage their users to set this preference to true. I'd imagine a significant number of mozdev developers have this enabled. What does enabling this preference do? It allows all web sites on the Internet to delete files on your hard drive with only one click.

OK, that's a bit misleading. What it really does is allows permissions to be granted based on the hostname and directory of a site rather than its certificate. It effectively disables code signing in a sense, which means that unsigned code can run after the user clicks OK in one dialog box. Also, it allows this for every web site, not just a particular one.

Now, I don't think code signing provides much extra security, since malicious code can also be signed. However, one generally has to pay for certificates ($300-$400 per year), and figuring out how to sign code is such a complex task that no one bothers, and as a result, you won't find a lot of signed code around. Still, there is at least some comfort with signed code, since one can see the name of the organization which signed it, assuming that someone isn't trying to trick you by using a certifcate from 'Amazon Retailers' instead of ''.

The point though, is that enabling the codebase principals preference reduces your security, and no author should ever be asking their users to enable it.