FTP requests are not isolated to first party domain
While looking at Torbutton patches Mike committed last night I realized we are not isolating FTP requests to the URL bar domain. This does not only lead to top level FTP requests not showing up in the circuit display but rather to all embedded FTP requests sent over the default circuit. I fear there are quite a number of risks involved in this design that give a malicious website(s) ample chances to correlate user traffic at least.