question on 4.1 explicit intents

Dear all,

In section 4.1, the first paragraph is:

When handling an Intent marked as explicit (that is, constructed with 
the object literal constructor with a non-empty*service*field), the 
expected User Agent behavior is that if this "service" attribute is 
present, it/should not/display a service selection mechanism to the 
user. Instead, the service url/should/be loaded directly to handle the 
intent. (This is not a hard restriction. The User Agent/may/provide a 
way for the user to intercept even an explicit invocation.)

This is a security risk.
Why is security more relaxed here than in the previous section ?
Why does " The User Agent/must not/deliver an intent to a Service 
discovered in this way before the user has made a specific action 
allowing it." not apply here too ?
Best regards
JC

-- 
JC Dufourd
Directeur d'Etudes/Professor
Groupe Multimedia/Multimedia Group
Traitement du Signal et Images/Signal and Image Processing
Telecom ParisTech, 37-39 rue Dareau, 75014 Paris, France
Tel: +33145817733 - Mob: +33677843843 - Fax: +33145817144

Received on Tuesday, 12 June 2012 11:10:56 UTC