Proposed to @W3CAB that all @W3C specs should have a #Security & #Privacy section, like the @W3CTAG’s: https://w3ctag.github.io/security-questionnaire/
from the perspective that I’ve done so myself (i.e. dogfooded) in the most recent @CSS3UI Candidate Recommendation: http://www.w3.org/TR/css-ui-3/#security-privacy-considerations
Related:
* tantek.com/2015/189/b1/css-basic-user-interface-level-3