From a316df169fc650471987a56a3821fc3f68d5b055 Mon Sep 17 00:00:00 2001 From: Chris Needham Date: Thu, 21 Mar 2024 12:51:26 +0000 Subject: [PATCH] Update security considerations --- index.bs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/index.bs b/index.bs index 237f3df..ff469a4 100644 --- a/index.bs +++ b/index.bs @@ -467,9 +467,10 @@ apply to the shadow host chain. This section is non-normative. -The API applies only to {{HTMLVideoElement}} in order to start on a minimal -viable product that has limited security issues. Later versions of this -specification may allow PIP-ing arbitrary HTML content. +To prevent potential abuse through spoofing, the API applies only to +{{HTMLVideoElement}}. User interaction with the picture in picture window +is intentionally limited so that the only effect is on the picture in +picture window itself or the media being played. ## Secure Context ## {#secure-context}
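Review bot: In the added paragraph of the index.bs hunk at @@ -467, "spoofing" is named as the threat without saying what could be spoofed or why restricting the API to {{HTMLVideoElement}} prevents it. The removed text at least identified arbitrary HTML content as the thing being deferred, so a clause stating the concern would make the rationale checkable. The second added sentence asserts that user interaction "is intentionally limited", but this section is marked non-normative, so it should reference the normative text that imposes that limit rather than stand as the only statement of it. Minor: "picture in picture window" appears twice as plain unhyphenated text. If the specification defines a term for that window, link to it so the wording stays consistent.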