It seems font vendors keep drifting into a belief that EOT somehow
"protects" their font data. So let's repeat the truth again: it does no such
thing. It only forces a user to run an tool over the font file after
downloading it and before reusing it. Any other mechanism that requires the
user to run a tool over the font file before using it has exactly the same
deterrent effect.
That tool could be something as simple as a browser extension that
automatically converts every EOT file that is downloaded to TTF/OTF.
Alternatively, someone could develop an Apache module that automatically
rewrites the EOT rootstring to match the server's hostname, for every EOT
font served. That would actually be quite convenient for Web developers
since it would address the staging problem.
Rob
--
"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah
53:5-6]