Audit the use of IsSecureContext to avoid bleeding http/https origins
http://example.com and https://example.com are different origins and do not share state (cookies, etc)
If TB edits IsSecureContext to make .onion secure, it may be the case that the origin separation checks use IsSecureContext and thus data will bleed between them. That would be bad.
We could probably talk to Kate about this.