Fair point.

Okay, but this relies on CSS trickery. If you had navigated to a text URL this would not be a vector.

What's a text url? The only way I can see this not being a vector is if you browse with css (and javascript for good measure) turned off. Or use lynx.

A page of text? With Content-type: text? An example being a shell script?

Do you think the average user copying and pasting administrative commands into their shell will stop to check the content encoding of the document they are copying from? Do you trust your browser not to try rendering an ill-defined document with an ambiguous extension?

Do you check the Content-type: header of the response for text/plain before copying? If you do, you'd be in the minority.