This is turning a remote server into a previously "safe website" and expanding the threat model to include remote web browser attacks.