Quick update: we had a really productive lunch with a bunch of Mozilla and
Google peeps (cc'd).
After mulling this whole thing over, we've decided to keep shadow trees
traversable with a special provision for built-in HTML elements (UA shadow
trees) to be non-traversable, per spec.
We reached this conclusion after conducting a thought exercise of trying to
gain entry into an imaginary private shadow tree, which exists in the same
scripting context as the document, just using existing Web platform API --
as you may guess, it's not that difficult.
However, to allow developers a degree of enforcing integrity of their
shadow trees, we are going to add a new mode, an equivalent of a "KEEP OUT"
sign, if you will, which will make a shadow tree non-traversable,
effectively skipping over it in an element's shadow tree stack.
We couldn't come up with a good name for this mode. "Private" conveys false
expectations of being any sort of security primitive. "Hidden" is unclear
in purpose. "Get-Off-My-Lawn" is perfect, but a touch too wordy.
We will also pursue, as a second phase of Shadow DOM spec, a way to create
shadow trees that exist in a separate scripting context and a separate
document, but render as part of the main document. These will provide the
necessary security guarantees and finally bring the candy trees and
unicorns to the Web platform.
:DG<