> The change to the Sync security model happened in response to years of user feedback about the usability of the system as it was.
They should have improved default usability while still preserving their previously-unmatched security level. Yes, the old system didn't do what novices expected, and yes they should have gotten a default system which would. But experts should still be able to use a truly-secure system.
It's currently impossible to use the Sync system securely: even if one ran one's own Accounts server remotely, then an attacker would still be able to inject malicious JavaScript into the signin page. Accounts should never have been usable from within a web page; they should always have been isolated to the browser chrome.
They should have improved default usability while still preserving their previously-unmatched security level. Yes, the old system didn't do what novices expected, and yes they should have gotten a default system which would. But experts should still be able to use a truly-secure system.
It's currently impossible to use the Sync system securely: even if one ran one's own Accounts server remotely, then an attacker would still be able to inject malicious JavaScript into the signin page. Accounts should never have been usable from within a web page; they should always have been isolated to the browser chrome.